Vulnerability DatabaseCVE-2009-2407
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-2407
July 31, 2009
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.
Related Resources (27)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.4
http://secunia.com/advisories/36131
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.debian.org/security/2009/dsa-1844
http://secunia.com/advisories/36051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11255
http://www.vupen.com/english/advisories/2009/2041
http://secunia.com/advisories/36116
http://risesecurity.org/advisories/RISE-2009003.txt
http://www.vupen.com/english/advisories/2009/3316
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/36045
http://www.securityfocus.com/bid/35850
http://www.securityfocus.com/archive/1/505337/100/0/threaded
http://www.ubuntu.com/usn/usn-807-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8057
http://secunia.com/advisories/37471
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2009-1193.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f151cd2c54ddc7714e2f740681350476cda03a28
http://secunia.com/advisories/35985
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html
http://secunia.com/advisories/36054
http://www.debian.org/security/2009/dsa-1845
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2407
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html
https://access.redhat.com/security/cve/CVE-2009-2407
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
6.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
0.28