ID CVE-2009-0787
Summary The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.8:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.8:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.7:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.7:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 13-02-2023 - 02:19)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:N/A:N
oval via4
  • accepted 2013-04-29T04:11:15.952-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
    family unix
    id oval:org.mitre.oval:def:11068
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
    version 18
  • accepted 2014-01-20T04:01:38.292-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
    family unix
    id oval:org.mitre.oval:def:8319
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware kernel ecryptfs_write_metadata_to_contents function vulnerability
    version 7
redhat via4
advisories
rhsa
id RHSA-2009:0473
rpms
  • kernel-0:2.6.18-128.1.10.el5
  • kernel-PAE-0:2.6.18-128.1.10.el5
  • kernel-PAE-debuginfo-0:2.6.18-128.1.10.el5
  • kernel-PAE-devel-0:2.6.18-128.1.10.el5
  • kernel-debug-0:2.6.18-128.1.10.el5
  • kernel-debug-debuginfo-0:2.6.18-128.1.10.el5
  • kernel-debug-devel-0:2.6.18-128.1.10.el5
  • kernel-debuginfo-0:2.6.18-128.1.10.el5
  • kernel-debuginfo-common-0:2.6.18-128.1.10.el5
  • kernel-devel-0:2.6.18-128.1.10.el5
  • kernel-doc-0:2.6.18-128.1.10.el5
  • kernel-headers-0:2.6.18-128.1.10.el5
  • kernel-kdump-0:2.6.18-128.1.10.el5
  • kernel-kdump-debuginfo-0:2.6.18-128.1.10.el5
  • kernel-kdump-devel-0:2.6.18-128.1.10.el5
  • kernel-xen-0:2.6.18-128.1.10.el5
  • kernel-xen-debuginfo-0:2.6.18-128.1.10.el5
  • kernel-xen-devel-0:2.6.18-128.1.10.el5
refmap via4
bid 34216
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
osvdb 52860
sectrack 1022177
secunia
  • 34422
  • 35015
  • 37471
vupen
  • ADV-2009-0802
  • ADV-2009-3316
xf linux-kernel-ecryptfs-information-disclosure(49355)
statements via4
contributor Tomas Hoger
lastmodified 2009-05-19
organization Red Hat
statement This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0473.html .
Last major update 13-02-2023 - 02:19
Published 25-03-2009 - 01:30
Last modified 13-02-2023 - 02:19
Back to Top