CVE-2009-1336 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-1336
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-1336

Description: fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

CVE Status: Candidate

References: ST 1022176 SAID Secunia Advisory: SA35011 Secunia Advisory: SA35015 Secunia Advisory: SA35160 Secunia Advisory: SA37471 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1024.html http://rhn.redhat.com/errata/RHSA-2009-0473.html http://www.redhat.com/support/errata/RHSA-2009-1077.html MLIST http://www.openwall.com/lists/oss-security/2009/04/17/2 http://www.openwall.com/lists/oss-security/2009/04/06/1 DEBIAN http://www.debian.org/security/2009/dsa-1794 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=54af3bb543c071769141387a42deaaab5074da55 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23 http://www.vmware.com/security/advisories/VMSA-2009-0016.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded BID 34390

Return to the previous page.