ID CVE-2009-1250
Summary The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
Vulnerable Configurations
  • cpe:2.3:a:ibm:afs:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:3.6:patch12:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:3.6:patch13:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:3.6:patch14:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:3.6:patch15:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:3.6:patch16:*:*:*:*:*:*
  • cpe:2.3:a:ibm:afs:*:patch18:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.70:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.74:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.77:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.3.81:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7_pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7_pre2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7_pre3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7_pre4:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.7_pre5:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.8_pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.8_pre2:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.4.8_pre3:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.32:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.33:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.34:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.35:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.36:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.38:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.39:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.50:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.52:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.53:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.54:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.55:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.56:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.57:*:*:*:*:*:*:*
  • cpe:2.3:a:openafs:openafs:1.5.58:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 26-01-2011 - 06:35)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
aixapar ID71123
bid 34404
confirm
debian DSA-1768
gentoo GLSA-201101-05
mandriva MDVSA-2009:099
secunia
  • 34655
  • 34684
  • 36310
  • 42896
vupen
  • ADV-2009-0984
  • ADV-2011-0117
Last major update 26-01-2011 - 06:35
Published 09-04-2009 - 00:30
Last modified 26-01-2011 - 06:35