CVE-2009-0787

Severity

49%

Complexity

39%

Confidentiality

115%

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N).

Overview

First reported 15 years ago

2009-03-25 01:30:00

Last updated 6 years ago

2018-10-10 19:31:00

Affected Software

Linux Kernel 2.6.28

2.6.28

Linux Kernel 2.6.28.1

2.6.28.1

Linux Kernel 2.6.28.2

2.6.28.2

Linux Kernel 2.6.28.3

2.6.28.3

Linux Kernel 2.6.28.4

2.6.28.4

Linux Kernel 2.6.28.5

2.6.28.5

Linux Kernel 2.6.28.6

2.6.28.6

Linux Kernel 2.6.28.7

2.6.28.7

Linux Kernel 2.6.28.8

2.6.28.8

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b

52860

RHSA-2009:0473

34422

Vendor Advisory

35015

37471

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9

Vendor Advisory

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

34216

Patch

1022177

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

ADV-2009-0802

Vendor Advisory

ADV-2009-3316

linux-kernel-ecryptfs-information-disclosure(49355)

oval:org.mitre.oval:def:11068

oval:org.mitre.oval:def:8319

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.