CVE-2009-1186 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2009-1186?

CVE-2009-1186 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1186?

Check the references section above for vendor advisories and patch information. Affected products include: Udev Project Udev, Suse Linux Enterprise Debuginfo, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server.

Vulnerability Description

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Udev Project	Udev	< 141
Suse	Linux Enterprise Debuginfo	10
Opensuse	Opensuse	10.3
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	10
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Fedoraproject	Fedora	9

Related Weaknesses (CWE)

CWE-120

References

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=662c3110803bd
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/34731Not Applicable
http://secunia.com/advisories/34750Not Applicable
http://secunia.com/advisories/34753Not Applicable
http://secunia.com/advisories/34771Not Applicable
http://secunia.com/advisories/34776Not Applicable
http://secunia.com/advisories/34785Not Applicable
http://secunia.com/advisories/34787Not Applicable
http://secunia.com/advisories/34801Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackwareThird Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0063Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063Broken Link
http://www.debian.org/security/2009/dsa-1772Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200904-18.xmlThird Party Advisory

FAQ

What is CVE-2009-1186?

CVE-2009-1186 is a vulnerability with a CVSS score of 2.1 (LOW). Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with c...

How severe is CVE-2009-1186?

CVE-2009-1186 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1186?

Check the references section above for vendor advisories and patch information. Affected products include: Udev Project Udev, Suse Linux Enterprise Debuginfo, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server.