Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1961

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2009-1961
Last Modified 19 Mar 2012 12:00:00
Published 07 Jun 2009 09:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1961

Summary

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.27.1

  • Linux Kernel 2.6.27.10

  • Linux Kernel 2.6.27.11

  • Linux Kernel 2.6.27.12

  • Linux Kernel 2.6.27.13

  • Linux Kernel 2.6.27.14

  • Linux Kernel 2.6.27.15

  • Linux Kernel 2.6.27.16

  • Linux Kernel 2.6.27.17

  • Linux Kernel 2.6.27.18

  • Linux Kernel 2.6.27.19

  • Linux Kernel 2.6.27.2

  • Linux Kernel 2.6.27.20

  • Linux Kernel 2.6.27.21

  • Linux Kernel 2.6.27.22

  • Linux Kernel 2.6.27.23

  • Linux Kernel 2.6.27.3

  • Linux Kernel 2.6.27.4

  • Linux Kernel 2.6.29

  • Linux Kernel 2.6.29.3

  • Linux Kernel 2.6.29.rc1

  • Linux Kernel 2.6.29.rc2

  • Linux Kernel 2.6.29.rc2-git1

  • Linux Kernel 2.6.30


References

MLIST - [oss-security] 20090530 Re: CVE request: kernel: splice local denial of service

MLIST - [oss-security] 20090529 CVE request: kernel: splice local denial of service

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17

UBUNTU - USN-793-1

BID - 35143

REDHAT - RHSA-2009:1157

MLIST - [oss-security] 20090603 Re: CVE request: kernel: splice local denial of service

MLIST - [oss-security] 20090602 Re: CVE request: kernel: splice local denial of service

MANDRIVA - MDVSA-2009:148

MANDRIVA - MDVSA-2009:135

DEBIAN - DSA-1844

SECTRACK - 1022307

SECUNIA - 36051

SECUNIA - 35847

SECUNIA - 35656

SECUNIA - 35394

SECUNIA - 35390

SUSE - SUSE-SA:2009:038

SUSE - SUSE-SA:2009:031

SUSE - SUSE-SA:2009:030


Last Updated: 27 May 2016 10:49:34