Computer Security


Linux eCryptfs buffer overflow
Published: 29.07.2009
Source:
SecurityVulns ID: 10108
Type: local
Threat Level: 6/10
Description: Buffer overflows in the parse_tag_11_packet and parse_tag_3_packet functions.
Affected: LINUX : kernel 2.6
CVE: CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.)
 CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.)
Original document: RISE Security, [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (29.07.2009)
 RISE Security, [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (29.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod