CVE-2009-1250 Information
Description
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 and IBM AFS 3.6 before Patch 19 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
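The following added example is a user-space model of the Linux ERR_PTR idiom, showing why an error code larger than the kernel's MAX_ERRNO (4095) is not recognised by IS_ERR() and is treated as a valid pointer. It is not OpenAFS code and is not taken from the OpenAFS patch; `encode_unchecked`, `encode_checked`, `caller_would_dereference` and the sample codes are hypothetical, and clamping to EIO is an assumed generic mitigation.

```c
/* User-space model of the Linux ERR_PTR idiom; nothing here is OpenAFS code. */
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095  /* kernel bound: only -4095..-1 count as errors */
#define MODEL_EIO 5     /* local fallback errno (value of EIO on Linux) */

static void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static int IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical: encodes a peer-supplied error code without checking it. */
static void *encode_unchecked(int32_t wire_code)
{
    return ERR_PTR(-(long)wire_code);
}

/* Hypothetical hardening: anything outside 1..MAX_ERRNO becomes EIO. */
static void *encode_checked(int32_t wire_code)
{
    long code = wire_code;
    if (code < 1 || code > MAX_ERRNO)
        code = MODEL_EIO;
    return ERR_PTR(-code);
}

/* 1 if a caller relying on IS_ERR() would treat p as a valid object. */
static int caller_would_dereference(const void *p)
{
    return !IS_ERR(p);
}

int main(void)
{
    /* Constructed sample codes, not captured from any RX traffic. */
    const int32_t samples[] = { 5, 4095, 4096, 19270407, -7 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *u = encode_unchecked(samples[i]);
        void *c = encode_checked(samples[i]);
        printf("code %9d  unchecked: ptr=%p deref=%d  checked: err=%ld deref=%d\n",
               (int)samples[i], u, caller_would_dereference(u),
               PTR_ERR(c), caller_would_dereference(c));
    }
    return 0;
}
```

The model never dereferences the pointers; it only reports whether a caller that trusts IS_ERR() would.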
Reference
http://secunia.com/advisories/34655
http://secunia.com/advisories/34684
http://secunia.com/advisories/36310
http://secunia.com/advisories/42896
http://security.gentoo.org/glsa/glsa-201101-05.xml
http://www.debian.org/security/2009/dsa-1768
http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
http://www.openafs.org/security/openafs-sa-2009-002.patch
http://www.openafs.org/security/OPENAFS-SA-2009-002.txt
http://www.securityfocus.com/bid/34404
http://www.vupen.com/english/advisories/2009/0984
http://www.vupen.com/english/advisories/2011/0117
http://www-01.ibm.com/support/docview.wss?uid=swg21396389
http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123