CVE-2009-1186

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 17-04-2009 04:30

Last modified: - 03-06-2022 05:05

Total changes: - 2

Description

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

2.1

Base score

3.9

2.9

Exploitability score

Impact score

Verification logic

vendor=udev_project AND product=udev AND versionEndExcluding=141

vendor=opensuse AND product=opensuse AND version=11.1

vendor=opensuse AND product=opensuse AND version=11.0

vendor=opensuse AND product=opensuse AND version=10.3

vendor=suse AND product=linux_enterprise_server AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_desktop AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_server AND version=11 AND update=-

vendor=suse AND product=linux_enterprise_desktop AND version=11 AND update=-

vendor=suse AND product=linux_enterprise_debuginfo AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_debuginfo AND version=11 AND update=-

vendor=Debian AND product=debian_linux AND version=5.0

vendor=Debian AND product=debian_linux AND version=4.0

vendor=canonical AND product=ubuntu_linux AND version=7.10

vendor=canonical AND product=ubuntu_linux AND version=8.10

vendor=canonical AND product=ubuntu_linux AND version=8.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=fedoraproject AND product=fedora AND version=10

vendor=fedoraproject AND product=fedora AND version=9

Reference

34539-Third Party Advisory, VDB Entry
34753-Not Applicable
USN-758-1-Third Party Advisory
DSA-1772-Third Party Advisory
34750-Not Applicable
http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=662c3110803bd8c1aedacc36788e6fd028944314
https://launchpad.net/bugs/cve/2009-1186
https://bugzilla.redhat.com/show_bug.cgi?id=495052
34731-Not Applicable
34787-Not Applicable
SSA:2009-111-01-Third Party Advisory
1022068-Broken Link, Third Party Advisory, VDB Entry
http://wiki.rpath.com/Advisories:rPSA-2009-0063
34785-Not Applicable
SUSE-SA:2009:020-Mailing List, Third Party Advisory
34771-Not Applicable
ADV-2009-1053-Permissions Required
FEDORA-2009-3712-Mailing List, Third Party Advisory
FEDORA-2009-3711-Mailing List, Third Party Advisory
34801-Not Applicable
GLSA-200904-18-Third Party Advisory
MDVSA-2009:103-Broken Link
34776-Not Applicable
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063
20090417 rPSA-2009-0063-1 udev-Third Party Advisory, VDB Entry

Keywords

CVE-2009-1186

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1186

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures