Launchpad CVE tracker

CVE 2009-2407

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.

Related bugs and status

CVE-2009-2407 (Candidate) is related to these bugs:

Bug #403647: compiled without -fno-delete-null-pointer-checks

		In	Importance	Status
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Dapper)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Hardy)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Jaunty)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Karmic)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Intrepid)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Dapper)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Hardy)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Intrepid)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Jaunty)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Karmic)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-2407

References