CVE-2009-1250

Published: 09/04/2009 Updated: 26/01/2011

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The cache manager in the client in OpenAFS 1.0 up to and including 1.4.8 and 1.5.0 up to and including 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote malicious users to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm afs
ibm afs 3.6
openafs openafs 1.0
openafs openafs 1.0.1
openafs openafs 1.0.2
openafs openafs 1.0.3
openafs openafs 1.0.4
openafs openafs 1.0.4a
openafs openafs 1.1
openafs openafs 1.1.0
openafs openafs 1.1.1
openafs openafs 1.1.1a
openafs openafs 1.2
openafs openafs 1.2.1
openafs openafs 1.2.2
openafs openafs 1.2.2a
openafs openafs 1.2.2b
openafs openafs 1.2.3
openafs openafs 1.2.4
openafs openafs 1.2.5
openafs openafs 1.2.6
openafs openafs 1.2.7
openafs openafs 1.2.8
openafs openafs 1.2.9
openafs openafs 1.2.10
openafs openafs 1.2.11
openafs openafs 1.2.13
openafs openafs 1.3
openafs openafs 1.3.1
openafs openafs 1.3.2
openafs openafs 1.3.5
openafs openafs 1.3.70
openafs openafs 1.3.74
openafs openafs 1.3.77
openafs openafs 1.3.81
openafs openafs 1.4
openafs openafs 1.4.0
openafs openafs 1.4.3
openafs openafs 1.4.4
openafs openafs 1.4.5
openafs openafs 1.4.6
openafs openafs 1.4.7
openafs openafs 1.4.7 pre1
openafs openafs 1.4.7 pre2
openafs openafs 1.4.7 pre3
openafs openafs 1.4.7 pre4
openafs openafs 1.4.7 pre5
openafs openafs 1.4.8
openafs openafs 1.4.8 pre1
openafs openafs 1.4.8 pre2
openafs openafs 1.4.8 pre3
openafs openafs 1.5
openafs openafs 1.5.16
openafs openafs 1.5.17
openafs openafs 1.5.26
openafs openafs 1.5.27
openafs openafs 1.5.30
openafs openafs 1.5.31
openafs openafs 1.5.32
openafs openafs 1.5.33
openafs openafs 1.5.34
openafs openafs 1.5.35
openafs openafs 1.5.36
openafs openafs 1.5.38
openafs openafs 1.5.39
openafs openafs 1.5.50
openafs openafs 1.5.52
openafs openafs 1.5.53
openafs openafs 1.5.54
openafs openafs 1.5.55
openafs openafs 1.5.56
openafs openafs 1.5.57
openafs openafs 1.5.58

CWE-189 http://www.openafs.org/security/OPENAFS-SA-2009-002.txt http://www.openafs.org/security/openafs-sa-2009-002.patch http://www.securityfocus.com/bid/34404 http://secunia.com/advisories/34655 http://www.vupen.com/english/advisories/2009/0984 http://www.debian.org/security/2009/dsa-1768 http://secunia.com/advisories/34684 http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123 http://secunia.com/advisories/36310 http://www-01.ibm.com/support/docview.wss?uid=swg21396389 http://www.vupen.com/english/advisories/2011/0117 http://secunia.com/advisories/42896 http://security.gentoo.org/glsa/glsa-201101-05.xml https://nvd.nist.gov

Get Started

CVE-2009-1250

Vulnerability Summary

References

Vulmon Search

About

Products

Connect