National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2009-1633 Detail

Description

Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

Source:  MITRE      Last Modified:  05/28/2009

Quick Info

CVE Dictionary Entry:
CVE-2009-1633
Original release date:
05/28/2009
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.1 HIGH
Vector:
(AV:N/AC:M/Au:N/C:N/I:N/A:C) (legend)
Impact Subscore:
6.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/10/2009)

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1211.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61 Patch External Source CONFIRM http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413 Patch External Source CONFIRM http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4 Patch External Source CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html External Source SUSE SUSE-SA:2009:054
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html External Source SUSE SUSE-SA:2009:056
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html External Source SUSE SUSE-SA:2010:012
http://marc.info/?l=oss-security&m=124099284225229&w=2 External Source MLIST [oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*
http://marc.info/?l=oss-security&m=124099371726547&w=2 External Source MLIST [oss-security] 20090429 Re: CVE request? buffer overflow in CIFS in 2.6.*
http://wiki.rpath.com/Advisories:rPSA-2009-0111 External Source CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.debian.org/security/2009/dsa-1809 External Source DEBIAN DSA-1809
http://www.debian.org/security/2009/dsa-1844 External Source DEBIAN DSA-1844
http://www.debian.org/security/2009/dsa-1865 External Source DEBIAN DSA-1865
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4 External Source CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 External Source MANDRIVA MDVSA-2009:148
http://www.openwall.com/lists/oss-security/2009/05/14/1 Patch External Source MLIST [oss-security] 20090514 Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
http://www.openwall.com/lists/oss-security/2009/05/14/4 Patch External Source MLIST [oss-security] 20090514 Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
http://www.openwall.com/lists/oss-security/2009/05/15/2 Patch External Source MLIST [oss-security] 20090515 Re: Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*
http://www.redhat.com/support/errata/RHSA-2009-1157.html External Source REDHAT RHSA-2009:1157
http://www.securityfocus.com/archive/1/archive/1/505254/100/0/threaded External Source BUGTRAQ 20090724 rPSA-2009-0111-1 kernel
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded External Source BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/bid/34612 External Source BID 34612
http://www.ubuntu.com/usn/usn-793-1 External Source UBUNTU USN-793-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316 Vendor Advisory External Source VUPEN ADV-2009-3316
https://bugzilla.redhat.com/show_bug.cgi?id=496572 Patch External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=496572
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588 External Source OVAL oval:org.mitre.oval:def:8588
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525 External Source OVAL oval:org.mitre.oval:def:9525
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html Patch External Source FEDORA FEDORA-2009-5356
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html External Source FEDORA FEDORA-2009-5383

References to Check Content

Identifier:
oval:org.mitre.oval:def:8588
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8588
Identifier:
oval:org.mitre.oval:def:9525
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9525

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.42:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.43:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.44:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.45:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.46:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.47:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.48:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.49:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.50:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.51:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.52:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.53:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.54:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.55:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.56:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.57:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.58:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.59:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.60:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.61:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.62:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*
Showing 100 of 270 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 2 change records found - show changes