ID |
CVE-2009-1046 |
Summary |
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. |
References |
|
Vulnerable Configurations |
- cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.7 (as of 31-05-2016 - 15:08) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | NONE | COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:N/I:N/A:C
|
redhat
via4
|
advisories | |
rpms |
- kernel-rt-0:2.6.24.7-111.el5rt
- kernel-rt-debug-0:2.6.24.7-111.el5rt
- kernel-rt-debug-debuginfo-0:2.6.24.7-111.el5rt
- kernel-rt-debug-devel-0:2.6.24.7-111.el5rt
- kernel-rt-debuginfo-0:2.6.24.7-111.el5rt
- kernel-rt-debuginfo-common-0:2.6.24.7-111.el5rt
- kernel-rt-devel-0:2.6.24.7-111.el5rt
- kernel-rt-doc-0:2.6.24.7-111.el5rt
- kernel-rt-trace-0:2.6.24.7-111.el5rt
- kernel-rt-trace-debuginfo-0:2.6.24.7-111.el5rt
- kernel-rt-trace-devel-0:2.6.24.7-111.el5rt
- kernel-rt-vanilla-0:2.6.24.7-111.el5rt
- kernel-rt-vanilla-debuginfo-0:2.6.24.7-111.el5rt
- kernel-rt-vanilla-devel-0:2.6.24.7-111.el5rt
|
|
refmap
via4
|
bid | 33672 |
confirm | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 |
debian | |
mlist |
- [linux-kernel] 20090130 [PATCH] Fix memory corruption in console selection
- [linux-kernel] 20090202 Re: [PATCH] Fix memory corruption in console selection
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel issue
- [oss-security] 20090212 http://www.securityfocus.com/bid/33672/info kernel issue
secunia | |
ubuntu | USN-751-1 |
|
statements
via4
|
contributor | Tomas Hoger |
lastmodified | 2009-05-19 |
organization | Red Hat |
statement | This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html |
|
Last major update |
31-05-2016 - 15:08 |
Published |
23-03-2009 - 16:30 |
Last modified |
31-05-2016 - 15:08 |