Vulnerability Details: CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2009-1633
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Threat overview for CVE-2009-1633
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2009-1633: 1,532
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-1633
- EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
- Percentile: ~56% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-1633
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | |
CWE ids for CVE-2009-1633
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1633
- Red Hat, 2009-09-10: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1211.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .
References for CVE-2009-1633
- http://www.securityfocus.com/archive/1/505254/100/0/threaded
  Tags: Third Party Advisory; VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588
  Tags: Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
  Tags: Patch; Vendor Advisory
- http://www.ubuntu.com/usn/usn-793-1
  Title: USN-793-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
  Tags: Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html
  Tags: Third Party Advisory
- http://www.debian.org/security/2009/dsa-1865
  Title: [SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-1157.html
  Title: Support
  Tags: Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
  Title: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
  Tags: Mailing List; Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
  Title: VMSA-2009-0016.6
  Tags: Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4
  Tags: Patch; Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3316
  Tags: Third Party Advisory
- http://www.debian.org/security/2009/dsa-1809
  Tags: Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
  Tags: Patch; Vendor Advisory
- http://www.openwall.com/lists/oss-security/2009/05/14/4
  Tags: Mailing List; Patch; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
  Title: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:056) - openSUSE Security Announce - openSUSE Mailing Lists
  Tags: Mailing List; Third Party Advisory
- http://www.securityfocus.com/bid/34612
  Tags: Third Party Advisory; VDB Entry
- http://www.debian.org/security/2009/dsa-1844
  Title: [SECURITY] [DSA 1844-1] New Linux 2.6.24 packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://marc.info/?l=oss-security&m=124099284225229&w=2
  Tags: Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
  Title: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:054) - openSUSE Security Announce - openSUSE Mailing Lists
  Tags: Mailing List; Third Party Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
  Tags: Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=496572
  Tags: Issue Tracking; Patch; Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/05/14/1
  Tags: Mailing List; Patch; Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525
  Tags: Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html
  Tags: Patch; Third Party Advisory
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
  Tags: Third Party Advisory; VDB Entry
- http://wiki.rpath.com/Advisories:rPSA-2009-0111
  Tags: Broken Link
- http://www.openwall.com/lists/oss-security/2009/05/15/2
  Tags: Mailing List; Patch; Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
  Title: Mandriva
  Tags: Third Party Advisory
- http://marc.info/?l=oss-security&m=124099371726547&w=2
  Tags: Mailing List; Third Party Advisory