CVE-2009-1633: Buffer Overflow
First published: Mon Apr 20 2009(Updated: )
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | <2.6.29.4 | |
| Debian | =4.0 | |
| Debian | =5.0 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =8.10 | |
| Ubuntu Linux | =9.04 | |
| Linux Kernel | <2.6.29.4 | |
| Ubuntu | =6.06 | |
| Ubuntu | =8.04 | |
| Ubuntu | =8.10 | |
| Ubuntu | =9.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=496572
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4
- http://marc.info/?l=oss-security&m=124099284225229&w=2
- http://secunia.com/advisories/35226
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
- http://www.openwall.com/lists/oss-security/2009/05/14/4
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
- http://www.openwall.com/lists/oss-security/2009/05/15/2
- http://www.openwall.com/lists/oss-security/2009/05/14/1
- http://marc.info/?l=oss-security&m=124099371726547&w=2
- http://www.debian.org/security/2009/dsa-1809
- http://secunia.com/advisories/35298
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html
- http://secunia.com/advisories/35217
- http://www.securityfocus.com/bid/34612
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
- http://www.redhat.com/support/errata/RHSA-2009-1157.html
- http://secunia.com/advisories/36051
- http://www.debian.org/security/2009/dsa-1844
- http://wiki.rpath.com/Advisories:rPSA-2009-0111
- http://secunia.com/advisories/35847
- http://secunia.com/advisories/36327
- http://www.debian.org/security/2009/dsa-1865
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
- http://secunia.com/advisories/37351
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://secunia.com/advisories/37471
- http://www.vupen.com/english/advisories/2009/3316
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://secunia.com/advisories/35656
- http://www.ubuntu.com/usn/usn-793-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/archive/1/505254/100/0/threaded
- http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
- http://git.kernel.org/linus/afe48c31ea5c74eaac58621ce1c85ae8187c4383
- http://git.kernel.org/linus/18295796a30cada84e933d805072dc2248d54f98
- http://git.kernel.org/linus/9e39b0ae8af46c83b85dae7ff5251911a80fce5a
- http://git.kernel.org/linus/d185cda7712fd1d9e349174639d76eadc66679be
- http://git.kernel.org/linus/2edd6c5b0517b9131ede9e74cb121898ccd73042
- http://git.kernel.org/linus/20418acd6874792359b42c12d159f42f17593f34
- http://git.kernel.org/linus/f58841666bc22e827ca0dcef7b71c7bc2758ce82
- http://git.kernel.org/linus/460b96960d1946914e50316ffeefe7b41dddce91
- http://git.kernel.org/linus/59140797c5817363087b0ffb46e6bb81a11fe0dc
- http://git.kernel.org/linus/cc20c031bb067eb3280a1c4b5c42295093e24863
- http://git.kernel.org/linus/066ce6899484d9026acd6ba3a8dbbedb33d7ae1b
- http://git.kernel.org/linus/69f801fcaa03be83d58c564f00913b7c172808e4
- http://git.kernel.org/linus/7fabf0c9479fef9fdb9528a5fbdb1cb744a744a4
- http://git.kernel.org/linus/66345f50f070ae7412a28543ee197cb5eff73598
- http://git.kernel.org/linus/d37dc42ab6f040b8f0f2962ab219c5b2accf748d
- http://git.kernel.org/linus/7b0c8fcff47a885743125dd843db64af41af5a61
- http://git.kernel.org/linus/968460ebd8006d55661dec0fb86712b40d71c413
- http://git.kernel.org/linus/341060273232a2df0d1a7fa53abc661fcf22747c
- http://git.kernel.org/linus/d8e2f53ac99f4ce7d63807a84f98d1b80df598cf
- http://marc.info/?l=oss-security&m=124226897529946&w=2
- http://admin.fedoraproject.org/updates/kernel-2.6.27.24-78.2.53.fc9
- http://admin.fedoraproject.org/updates/kernel-2.6.27.24-170.2.68.fc10
- https://rhn.redhat.com/errata/RHSA-2009-1106.html
- https://rhn.redhat.com/errata/RHSA-2009-1157.html
- https://rhn.redhat.com/errata/RHSA-2009-1211.html
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=7b0c8fcff47a885743125dd843db64af41af5a61
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=968460ebd8006d55661dec0fb86712b40d71c413
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27b87fe52baba0a55e9723030e76fce94fabcea4
Frequently Asked Questions
What is the severity of CVE-2009-1633?
CVE-2009-1633 is considered a moderate severity vulnerability that can lead to denial of service due to memory corruption.
How do I fix CVE-2009-1633?
To fix CVE-2009-1633, upgrade the Linux kernel to version 2.6.29.4 or later.
What systems are affected by CVE-2009-1633?
CVE-2009-1633 affects various Linux distributions including Debian 4.0, 5.0 and Ubuntu 6.06, 8.04, 8.10, and 9.04.
What type of vulnerability is CVE-2009-1633?
CVE-2009-1633 is a buffer overflow vulnerability in the CIFS subsystem of the Linux kernel.
Can CVE-2009-1633 lead to data loss?
While CVE-2009-1633 primarily causes denial of service, it may indirectly lead to data loss due to memory corruption.
- collector/redhat-bugzilla
- alias/CVE-2009-1633
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/author
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- collector/nvd-index
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian
- version/debian/4.0
- version/debian/5.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/8.04
- version/ubuntu linux/8.10
- version/ubuntu linux/9.04
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/8.04
- version/ubuntu/8.10
- version/ubuntu/9.04