Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15037
HistoryDec 12, 2009 - 12:00 a.m.

Linux Kernel HFS子系统栈溢出漏洞

2009-12-1200:00:00
Root
www.seebug.org
26

0.113 Low

EPSS

Percentile

94.6%

JSON

CVE ID: CVE-2009-4020

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux Kernel的fs/hfs/dir.c文件中的hfs_readdir函数存在栈溢出漏洞,特制的多级文件系统(HFS)可以在 hfs_bnode_read()函数的memcpy()调用过程中触发这个溢出。攻击者可以提供源缓冲区和长度,目标缓冲区是固定长度的本地变量,这个变量存储在了hfs_bnode_read()调用程序的栈帧中(hfs_readdir())。由于在试图读取文件系统上目录时都会执行 hfs_readdir()函数,因此用户试图检查任何文件系统内容时都会调用这个函数。

Linux kernel 2.6.32
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://bugzilla.redhat.com/attachment.cgi?id=373295

Related

veracode 1
cve 2
ubuntucve 2
prion 2
debiancve 1
securityvulns 1
nessus 28
openvas 26
oraclelinux 3
suse 6
centos 2
redhat 3
debian 2
osv 2
ubuntu 1
vmware 2
veracode
veracode
Buffer Overflows
2020-04-10 00:39:28
cve
cve
CVE-2009-4020
2009-12-04 21:30:00
CVE-2012-2319
2012-05-17 11:00:00
ubuntucve
ubuntucve
CVE-2009-4020
2009-12-04 00:00:00
CVE-2012-2319
2012-05-17 00:00:00
prion
prion
Stack overflow
2009-12-04 21:30:00
Buffer overflow
2012-05-17 11:00:00
debiancve
debiancve
CVE-2012-2319
2012-05-17 11:00:00
securityvulns
securityvulns
[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
2012-05-24 00:00:00
nessus
nessus
SuSE 10 Security Update : Linux kernel (x86) (ZYPP Patch Number 6925)
2010-10-11 00:00:00
SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)
2012-05-17 00:00:00
Oracle Linux 5 : ELSA-2012-1323-1: / kernel (ELSA-2012-13231)
2023-09-07 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2012:1323 centos5
2012-10-05 00:00:00
RedHat Update for kernel RHSA-2012:1323-01
2012-10-03 00:00:00
SuSE Update for kernel SUSE-SA:2010:016
2010-03-22 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2010-02-03 00:00:00
kernel security and bug fix update
2010-01-20 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
suse
suse
potential local privilege escalation, in kernel
2010-03-08 14:43:03
remote denial of service in kernel
2010-03-30 11:45:05
remote denial of service in kernel
2010-05-06 16:28:01
centos
centos
kernel security update
2010-02-04 12:33:45
kernel security update
2010-01-20 18:10:39
redhat
redhat
(RHSA-2010:0076) Important: kernel security and bug fix update
2010-02-02 00:00:00
(RHSA-2010:0046) Important: kernel security and bug fix update
2010-01-19 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
debian
debian
[SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities
2010-02-23 04:56:17
[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities
2010-03-01 03:53:30
osv
osv
linux-2.6 - several vulnerabilities
2010-02-22 00:00:00
linux-2.6.24 - several vulnerabilities
2010-02-27 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-02-05 00:00:00
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

0.113 Low

EPSS

Percentile

94.6%

JSON
Related for SSV:15037
veracode1cve2ubuntucve2prion2debiancve1securityvulns1nessus28openvas26oraclelinux3suse6centos2redhat3debian2osv2ubuntu1vmware2