CVE-2009-1250

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 09-04-2009 02:30

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

7.8

Base score

10.0

6.9

Exploitability score

Impact score

Verification logic

Reference

http://www.openafs.org/security/OPENAFS-SA-2009-002.txt
http://www.openafs.org/security/openafs-sa-2009-002.patch
34404-
34655-
ADV-2009-0984-
DSA-1768-
34684-
MDVSA-2009:099-
ID71123-
36310-
http://www-01.ibm.com/support/docview.wss?uid=swg21396389
ADV-2011-0117-
42896-
GLSA-201101-05-

Keywords

CVE-2009-1250

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1250

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures