CVE-2009-1633

Linux Kernel < 2.6.29.4 - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

References (38)

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27b87fe52baba0a55e9723030e76fce94fabcea4

[Patch] http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=7b0c8fcff47a885743125dd843db64af41af5a61

[Patch] http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=968460ebd8006d55661dec0fb86712b40d71c413

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

[Mailing List, Third Party Advisory] http://marc.info/?l=oss-security&m=124099284225229&w=2

[Mailing List, Third Party Advisory] http://marc.info/?l=oss-security&m=124099371726547&w=2

[Third Party Advisory] http://secunia.com/advisories/35217

[Third Party Advisory] http://secunia.com/advisories/35226

[Third Party Advisory] http://secunia.com/advisories/35298

[Third Party Advisory] http://secunia.com/advisories/35656

[Third Party Advisory] http://secunia.com/advisories/35847

[Third Party Advisory] http://secunia.com/advisories/36051

[Third Party Advisory] http://secunia.com/advisories/36327

[Third Party Advisory] http://secunia.com/advisories/37351

[Third Party Advisory] http://secunia.com/advisories/37471

[Broken Link] http://wiki.rpath.com/Advisories:rPSA-2009-0111

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1809

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1844

... and 18 more

Scores

EPSS 0.0184

EPSS Percentile 82.7%

Classification

CWE

CWE-119

Status draft

Affected Products (7)

linux/linux_kernel < 2.6.29.4

debian/debian_linux

debian/debian_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published May 28, 2009

Tracked Since Feb 18, 2026