CVE - CVE-2009-2406

CVE-ID
CVE-2009-2406	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1022663 URL:http://www.securitytracker.com/id?1022663 MISC:20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/505334/100/0/threaded MISC:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded MISC:35851 URL:http://www.securityfocus.com/bid/35851 MISC:35985 URL:http://secunia.com/advisories/35985 MISC:36045 URL:http://secunia.com/advisories/36045 MISC:36051 URL:http://secunia.com/advisories/36051 MISC:36054 URL:http://secunia.com/advisories/36054 MISC:36116 URL:http://secunia.com/advisories/36116 MISC:36131 URL:http://secunia.com/advisories/36131 MISC:37471 URL:http://secunia.com/advisories/37471 MISC:ADV-2009-2041 URL:~~http://www.vupen.com/english/advisories/2009/2041~~ (Obsolete source) MISC:ADV-2009-3316 URL:~~http://www.vupen.com/english/advisories/2009/3316~~ (Obsolete source) MISC:DSA-1844 URL:http://www.debian.org/security/2009/dsa-1844 MISC:DSA-1845 URL:http://www.debian.org/security/2009/dsa-1845 MISC:FEDORA-2009-8144 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html MISC:FEDORA-2009-8264 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html MISC:MDVSA-2011:029 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:029~~ (Obsolete source) MISC:RHSA-2009:1193 URL:http://www.redhat.com/support/errata/RHSA-2009-1193.html MISC:SUSE-SR:2009:015 URL:http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html MISC:USN-807-1 URL:http://www.ubuntu.com/usn/usn-807-1 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e MISC:http://risesecurity.org/advisories/RISE-2009002.txt URL:http://risesecurity.org/advisories/RISE-2009002.txt MISC:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.4 URL:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.4 MISC:http://www.vmware.com/security/advisories/VMSA-2009-0016.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0016.html MISC:oval:org.mitre.oval:def:10072 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10072 MISC:oval:org.mitre.oval:def:8246 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8246
Assigning CNA
Red Hat, Inc.
Date Record Created
20090709	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090709)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)