Skip to navigation

Search

Advanced Search

Register or Log in
Help

Log out
Help
Your account
- Account number
- Account settings

Home
Knowledge
Technical Resources

Knowledgebase

Product Documentation

Tech Briefs

Reference Architectures

Support Essentials

Videos

Source
Additional Resources

Certified Hardware

Webinars

Success Stories

Training
Groups
Online User Groups

Groups Dashboard

Red Hat Enterprise Linux

Red Hat Enterprise Linux 7 Ideas

JBoss Enterprise Middleware

Red Hat Enterprise Virtualization

Getting Started with Red Hat

Site Suggestions
Other

Groups FAQ

Rules of Engagement
Support
Support Cases

Create a New Case

View Support Cases

Phone Numbers & Hours

Severity Definitions

Support Programs

Production Support

Development Support

Technical Account Management

Hardware Certification
Product Life Cycles

Life Cycle & Update Policies

Supported Environments

Certified Hardware

Support Essentials

JBoss Supported Configurations
Help & Assistance

Getting Started

Contacting Red Hat

Management Escalation

Support FAQs

Site Help

Portal FAQs

Login Assistance
Downloads
Red Hat Enterprise Linux

Channels

Downloads

Packages

Evaluations & Demos
JBoss Enterprise Middleware

Downloads

Evaluations & Demos
Red Hat Storage

Downloads

Additional Downloads

Fonts
Security
Security Updates

Active Products

End-of-Life Products

Notifications & Advisories

Resources

CVE Database

Security Measurement

Product Signing (GPG) Keys
Policies & Definitions

Severity Ratings

Backporting Policy
Security Team

Security Response Team

Security Contacts
Subscriptions
Subscriptions

Overview

Active Subscriptions

Renewals

Order History

Activate a New Subscription
Certificate-based Management

Consumers List

Classic Management

Entitlements

Systems

Groups
Organization

Users & Permissions

CVE index by year
- 2012 CVE
- 2011 CVE
- 2010 CVE
- 2009 CVE
- - CVE-2009-2407
- 2008 CVE
- 2007 CVE
- 2006 CVE
- 2005 CVE
- 2004 CVE
- 2003 CVE
- 2002 CVE
- 2001 CVE
- 2000 CVE
- 1999 CVE

CVE Database

CVE-2009-2407

Impact:	Important (classification)
Public:	July 28 2009
Bugzilla:	512885: CVE-2009-2407 kernel: ecryptfs heap overflow in parse_tag_3_packet()

Details

The MITRE CVE dictionary describes this issue as:

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.

Find out more about CVE-2009-2407 from the MITRE CVE dictionary and NIST NVD.

Statement

The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue.

Red Hat Enterprise Linux 5 was vulnerable to this issue and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1193.html

CVSS v2 metrics

Base Score:	7.2	Base Metrics:	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector:	Local	Confidentiality Impact:	Complete
Access Complexity:	Low	Integrity Impact:	Complete
Authentication:	None	Availability Impact:	Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform	Errata	Release Date
Red Hat Enterprise Linux version 5 (kernel)	RHSA-2009:1193	August 04 2009
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel)	RHSA-2009:1193	August 04 2009

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Red Hat Security Response Team.

Copyright © 2011 Red Hat, Inc.