CVE-2009-0787
Published Mar 25, 2009
Last updated 2 years ago
Overview
- Description
- The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-189
Vendor comments
- Red Hat: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0473.html
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26BD805F-08EB-42EC-BC54-26A7278E5089" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "217715A5-E69D-45C0-B8E4-5681528C651B" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87AD66C-4321-4459-8556-3B0BA38C493A" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A347E0-9C0B-4674-9363-3C36DA27AC45" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E0F3DF0-6BD0-4560-9A13-C6493939D8B0" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4BE1DF7-99CB-416B-B6F9-EC40FBD7D1C6" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93AF773-FBB4-4A4A-ADD5-ADA40C24CD36" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38A55F08-88A9-42D5-A2B1-8B8C0D6DED09" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3975EC77-D33D-4167-91BE-08237C3EE9D0" } ], "operator": "OR" } ] } ]