Published: 04/12/2009 Updated: 13/02/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote malicious users to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.32

Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges (CVE-2009-4020, CVE-2009-4308) ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Secu ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues and one bug are nowavailable for Red Hat Enterprise Linux 56 Extended Update SupportThe Red Hat Security Response Team has rated this update as havin ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant secur ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and three bugsare now available for Red Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Securi ...

NOTE: This kernel update marks the final planned kernel security update for the 2618 kernel in the Debian release 'etch' Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date A final update that includes fixes for these issues in the 2624 kernel is also in prepara ...

NOTE: This kernel update marks the final planned kernel security update for the 2624 kernel in the Debian release 'etch' Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=540736 http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2 http://www.openwall.com/lists/oss-security/2009/12/04/1 http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch https://rhn.redhat.com/errata/RHSA-2010-0046.html https://rhn.redhat.com/errata/RHSA-2010-0095.html http://support.avaya.com/css/P8/documents/100073666 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://secunia.com/advisories/38276 http://www.debian.org/security/2010/dsa-2005 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html http://www.novell.com/linux/security/advisories/2010_23_kernel.html http://secunia.com/advisories/39742 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091 https://usn.ubuntu.com/894-1/https://nvd.nist.gov

Get Started

CVE-2009-4020

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect