Lucene search

[email protected]CVE-2009-2649

HistoryJul 30, 2009 - 7:30 p.m.

CVE-2009-2649

2009-07-3019:30:00

CWE-264

[email protected]

web.nvd.nist.gov

freebsd

ata driver

denial of service

ioctl

cve-2009-2649

nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.

Affected configurations

NVD

Node

freebsdfreebsdMatch6.0

freebsdfreebsdMatch8.0

CPENameOperatorVersion
freebsd:freebsdfreebsdeq6.0
freebsd:freebsdfreebsdeq8.0

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	6.0
freebsd:freebsd	freebsd	eq	8.0

References

www.securityfocus.com/bid/35645

www.securitytracker.com/id?1022538

www.exploit-db.com/exploits/9134

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for CVE-2009-2649

prion1 cvelist1 seebug1 nvd1