Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.8
CVE Id: CVE-2009-1250
Last Modified: 26 Jan 2011 01:35:17
Published: 08 Apr 2009 08:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1250

Summary

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

Vulnerable Systems

Application

  • Ibm Afs 3.6

  • Openafs 1.0

  • Openafs 1.0.1

  • Openafs 1.0.2

  • Openafs 1.0.3

  • Openafs 1.0.4

  • Openafs 1.0.4a

  • Openafs 1.1

  • Openafs 1.1.0

  • Openafs 1.1.1

  • Openafs 1.1.1a

  • Openafs 1.2

  • Openafs 1.2.1

  • Openafs 1.2.10

  • Openafs 1.2.11

  • Openafs 1.2.13

  • Openafs 1.2.2

  • Openafs 1.2.2a

  • Openafs 1.2.2b

  • Openafs 1.2.3

  • Openafs 1.2.4

  • Openafs 1.2.5

  • Openafs 1.2.6

  • Openafs 1.2.7

  • Openafs 1.2.8

  • Openafs 1.2.9

  • Openafs 1.3

  • Openafs 1.3.1

  • Openafs 1.3.2

  • Openafs 1.3.5

  • Openafs 1.3.70

  • Openafs 1.3.74

  • Openafs 1.3.77

  • Openafs 1.3.81

  • Openafs 1.4

  • Openafs 1.4.0

  • Openafs 1.4.3

  • Openafs 1.4.4

  • Openafs 1.4.5

  • Openafs 1.4.6

  • Openafs 1.4.7

  • Openafs 1.4.7 Pre1

  • Openafs 1.4.7 Pre2

  • Openafs 1.4.7 Pre3

  • Openafs 1.4.7 Pre4

  • Openafs 1.4.7 Pre5

  • Openafs 1.4.8

  • Openafs 1.4.8 Pre1

  • Openafs 1.4.8 Pre2

  • Openafs 1.4.8 Pre3

  • Openafs 1.5

  • Openafs 1.5.16

  • Openafs 1.5.17

  • Openafs 1.5.26

  • Openafs 1.5.27

  • Openafs 1.5.30

  • Openafs 1.5.31

  • Openafs 1.5.32

  • Openafs 1.5.33

  • Openafs 1.5.34

  • Openafs 1.5.35

  • Openafs 1.5.36

  • Openafs 1.5.38

  • Openafs 1.5.39

  • Openafs 1.5.50

  • Openafs 1.5.52

  • Openafs 1.5.53

  • Openafs 1.5.54

  • Openafs 1.5.55

  • Openafs 1.5.56

  • Openafs 1.5.57

  • Openafs 1.5.58


References

VUPEN - ADV-2011-0117

VUPEN - ADV-2009-0984

BID - 34404

CONFIRM - http://www.openafs.org/security/OPENAFS-SA-2009-002.txt

CONFIRM - http://www.openafs.org/security/openafs-sa-2009-002.patch

MANDRIVA - MDVSA-2009:099

DEBIAN - DSA-1768

AIXAPAR - ID71123

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21396389

GENTOO - GLSA-201101-05

SECUNIA - 42896

SECUNIA - 36310

SECUNIA - 34684

SECUNIA - 34655


Last Updated: 27 May 2016 10:50:30