National Cyber-Alert System
Vulnerability Summary for CVE-2009-1633
Original release date: 05/28/2009
Last revised: 08/19/2009
Source: US-CERT/NIST
Overview
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
Impact
CVSS Severity (version 2.0):
Impact Subscore: 6.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service; Unknown
Official Statement from Red Hat (07/15/2009)
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1633
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.
It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1157.html
Future kernel updates in Red Hat Enterprise Linux 4 and 5 will address this flaw.
References to Advisories, Solutions, and Tools
External Source: FEDORA
Name: FEDORA-2009-5356
Type: Patch Information
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=496572
Type: Patch Information
External Source: MLIST
Name: [oss-security] 20090515 Re: Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
Type: Patch Information
External Source: MLIST
Name: [oss-security] 20090514 Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
Type: Patch Information
External Source: MLIST
Name: [oss-security] 20090514 Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
Type: Patch Information
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4
Type: Patch Information
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
Type: Patch Information
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
Type: Patch Information
External Source: FEDORA
Name: FEDORA-2009-5383
External Source: BID
Name: 34612
External Source: BUGTRAQ
Name: 20090724 rPSA-2009-0111-1 kernel
External Source: REDHAT
Name: RHSA-2009:1157
External Source: MANDRIVA
Name: MDVSA-2009:148
External Source: CONFIRM
Name: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
External Source: DEBIAN
Name: DSA-1865
External Source: DEBIAN
Name: DSA-1844
External Source: DEBIAN
Name: DSA-1809
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2009-0111
External Source: SECUNIA
Name: 36327
External Source: SECUNIA
Name: 36051
External Source: SECUNIA
Name: 35847
External Source: SECUNIA
Name: 35298
External Source: SECUNIA
Name: 35226
Type: Advisory
External Source: SECUNIA
Name: 35217
External Source: MLIST
Name: [oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*
External Source: MLIST
Name: [oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*