Vulnerability Description
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.29 |
Related Weaknesses (CWE)
References
- http://blog.fefe.de/?ts=b72905a8
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
- http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html
- http://secunia.com/advisories/34981
- http://secunia.com/advisories/35011
- http://secunia.com/advisories/35120
- http://secunia.com/advisories/35121
- http://secunia.com/advisories/35185
- http://secunia.com/advisories/35217
- http://secunia.com/advisories/35226
- http://secunia.com/advisories/35343
FAQ
What is CVE-2009-1439?
CVE-2009-1439 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
How severe is CVE-2009-1439?
CVE-2009-1439 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1439?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.