製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenAFS などの製品で使用されるキャッシュマネージャにおけるサービス運用妨害 (DoS) の脆弱性

Title	OpenAFS などの製品で使用されるキャッシュマネージャにおけるサービス運用妨害 (DoS) の脆弱性
Summary	Linux 上で稼動する OpenAFS および IBM AFS のクライアントのキャッシュマネージャは、ERR_PTR マクロに使用に関連する処理に不備があるため、サービス運用妨害 (システムクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、ポインタおよびデリファレンスとして解釈される過度に大きいエラーコード値を伴う RX レスポンスを介して、サービス運用妨害 (システムクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 6, 2009, midnight
Registration Date	Sept. 25, 2012, 5:27 p.m.
Last Update	Sept. 25, 2012, 5:27 p.m.

CVSS2.0 : 危険
Score	7.8
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:C

Affected System

IBM

afs Patch 19 未満の 3.6

OpenAFS

OpenAFS 1.0 から 1.4.8 および 1.5.0 から 1.5.58

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-1250	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
National Vulnerability Database (NVD)
2	CVE-2009-1250	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1250

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
IBM
1	1396389	http://www-01.ibm.com/support/docview.wss?uid=swg21396389
OpenAFS
2	OpenAFS Security Advisory 2009-002	http://www.openafs.org/security/OPENAFS-SA-2009-002.txt

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-1250

Summary	The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
Publication Date	April 9, 2009, 9:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	Jan. 26, 2011, 3:35 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ibm:afs:3.6:::::::*
cpe:2.3:a:ibm:afs:3.6:patch12::::::
cpe:2.3:a:ibm:afs:3.6:patch13::::::
cpe:2.3:a:ibm:afs:3.6:patch14::::::
cpe:2.3:a:ibm:afs:3.6:patch15::::::
cpe:2.3:a:ibm:afs:3.6:patch16::::::
cpe:2.3:a:ibm:afs::patch18::::::*			3.6
cpe:2.3:a:openafs:openafs:1.0:::::::*
cpe:2.3:a:openafs:openafs:1.0.1:::::::*
cpe:2.3:a:openafs:openafs:1.0.2:::::::*
cpe:2.3:a:openafs:openafs:1.0.3:::::::*
cpe:2.3:a:openafs:openafs:1.0.4:::::::*
cpe:2.3:a:openafs:openafs:1.0.4a:::::::*
cpe:2.3:a:openafs:openafs:1.1:::::::*
cpe:2.3:a:openafs:openafs:1.1.0:::::::*
cpe:2.3:a:openafs:openafs:1.1.1:::::::*
cpe:2.3:a:openafs:openafs:1.1.1a:::::::*
cpe:2.3:a:openafs:openafs:1.2:::::::*
cpe:2.3:a:openafs:openafs:1.2.1:::::::*
cpe:2.3:a:openafs:openafs:1.2.2:::::::*
cpe:2.3:a:openafs:openafs:1.2.2a:::::::*
cpe:2.3:a:openafs:openafs:1.2.2b:::::::*
cpe:2.3:a:openafs:openafs:1.2.3:::::::*
cpe:2.3:a:openafs:openafs:1.2.4:::::::*
cpe:2.3:a:openafs:openafs:1.2.5:::::::*
cpe:2.3:a:openafs:openafs:1.2.6:::::::*
cpe:2.3:a:openafs:openafs:1.2.7:::::::*
cpe:2.3:a:openafs:openafs:1.2.8:::::::*
cpe:2.3:a:openafs:openafs:1.2.9:::::::*
cpe:2.3:a:openafs:openafs:1.2.10:::::::*
cpe:2.3:a:openafs:openafs:1.2.11:::::::*
cpe:2.3:a:openafs:openafs:1.2.13:::::::*
cpe:2.3:a:openafs:openafs:1.3:::::::*
cpe:2.3:a:openafs:openafs:1.3.1:::::::*
cpe:2.3:a:openafs:openafs:1.3.2:::::::*
cpe:2.3:a:openafs:openafs:1.3.5:::::::*
cpe:2.3:a:openafs:openafs:1.3.70:::::::*
cpe:2.3:a:openafs:openafs:1.3.74:::::::*
cpe:2.3:a:openafs:openafs:1.3.77:::::::*
cpe:2.3:a:openafs:openafs:1.3.81:::::::*
cpe:2.3:a:openafs:openafs:1.4:::::::*
cpe:2.3:a:openafs:openafs:1.4.0:::::::*
cpe:2.3:a:openafs:openafs:1.4.3:::::::*
cpe:2.3:a:openafs:openafs:1.4.4:::::::*
cpe:2.3:a:openafs:openafs:1.4.5:::::::*
cpe:2.3:a:openafs:openafs:1.4.6:::::::*
cpe:2.3:a:openafs:openafs:1.4.7:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre1:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre2:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre3:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre4:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre5:::::::*
cpe:2.3:a:openafs:openafs:1.4.8:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre1:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre2:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre3:::::::*
cpe:2.3:a:openafs:openafs:1.5:::::::*
cpe:2.3:a:openafs:openafs:1.5.16:::::::*
cpe:2.3:a:openafs:openafs:1.5.17:::::::*
cpe:2.3:a:openafs:openafs:1.5.26:::::::*
cpe:2.3:a:openafs:openafs:1.5.27:::::::*
cpe:2.3:a:openafs:openafs:1.5.30:::::::*
cpe:2.3:a:openafs:openafs:1.5.31:::::::*
cpe:2.3:a:openafs:openafs:1.5.32:::::::*
cpe:2.3:a:openafs:openafs:1.5.33:::::::*
cpe:2.3:a:openafs:openafs:1.5.34:::::::*
cpe:2.3:a:openafs:openafs:1.5.35:::::::*
cpe:2.3:a:openafs:openafs:1.5.36:::::::*
cpe:2.3:a:openafs:openafs:1.5.38:::::::*
cpe:2.3:a:openafs:openafs:1.5.39:::::::*
cpe:2.3:a:openafs:openafs:1.5.50:::::::*
cpe:2.3:a:openafs:openafs:1.5.52:::::::*
cpe:2.3:a:openafs:openafs:1.5.53:::::::*
cpe:2.3:a:openafs:openafs:1.5.54:::::::*
cpe:2.3:a:openafs:openafs:1.5.55:::::::*
cpe:2.3:a:openafs:openafs:1.5.56:::::::*
cpe:2.3:a:openafs:openafs:1.5.57:::::::*
cpe:2.3:a:openafs:openafs:1.5.58:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/34655	SECUNIA
2	http://secunia.com/advisories/34684	SECUNIA
3	http://secunia.com/advisories/36310	SECUNIA
4	http://secunia.com/advisories/42896	SECUNIA
5	http://security.gentoo.org/glsa/glsa-201101-05.xml	GENTOO
6	http://www.debian.org/security/2009/dsa-1768	DEBIAN
7	http://www.mandriva.com/security/advisories?name=MDVSA-2009:099	MANDRIVA
8	http://www.openafs.org/security/openafs-sa-2009-002.patch	CONFIRM	Exploit
9	http://www.openafs.org/security/OPENAFS-SA-2009-002.txt	CONFIRM
10	http://www.securityfocus.com/bid/34404	BID
11	http://www.vupen.com/english/advisories/2009/0984	VUPEN
12	http://www.vupen.com/english/advisories/2011/0117	VUPEN
13	http://www-01.ibm.com/support/docview.wss?uid=swg21396389	CONFIRM
14	http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123	AIXAPAR

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ibm:afs:3.6:::::::*
cpe:2.3:a:ibm:afs:3.6:patch12::::::
cpe:2.3:a:ibm:afs:3.6:patch13::::::
cpe:2.3:a:ibm:afs:3.6:patch14::::::
cpe:2.3:a:ibm:afs:3.6:patch15::::::
cpe:2.3:a:ibm:afs:3.6:patch16::::::
cpe:2.3:a:ibm:afs::patch18::::::*			3.6
cpe:2.3:a:openafs:openafs:1.0:::::::*
cpe:2.3:a:openafs:openafs:1.0.1:::::::*
cpe:2.3:a:openafs:openafs:1.0.2:::::::*
cpe:2.3:a:openafs:openafs:1.0.3:::::::*
cpe:2.3:a:openafs:openafs:1.0.4:::::::*
cpe:2.3:a:openafs:openafs:1.0.4a:::::::*
cpe:2.3:a:openafs:openafs:1.1:::::::*
cpe:2.3:a:openafs:openafs:1.1.0:::::::*
cpe:2.3:a:openafs:openafs:1.1.1:::::::*
cpe:2.3:a:openafs:openafs:1.1.1a:::::::*
cpe:2.3:a:openafs:openafs:1.2:::::::*
cpe:2.3:a:openafs:openafs:1.2.1:::::::*
cpe:2.3:a:openafs:openafs:1.2.2:::::::*
cpe:2.3:a:openafs:openafs:1.2.2a:::::::*
cpe:2.3:a:openafs:openafs:1.2.2b:::::::*
cpe:2.3:a:openafs:openafs:1.2.3:::::::*
cpe:2.3:a:openafs:openafs:1.2.4:::::::*
cpe:2.3:a:openafs:openafs:1.2.5:::::::*
cpe:2.3:a:openafs:openafs:1.2.6:::::::*
cpe:2.3:a:openafs:openafs:1.2.7:::::::*
cpe:2.3:a:openafs:openafs:1.2.8:::::::*
cpe:2.3:a:openafs:openafs:1.2.9:::::::*
cpe:2.3:a:openafs:openafs:1.2.10:::::::*
cpe:2.3:a:openafs:openafs:1.2.11:::::::*
cpe:2.3:a:openafs:openafs:1.2.13:::::::*
cpe:2.3:a:openafs:openafs:1.3:::::::*
cpe:2.3:a:openafs:openafs:1.3.1:::::::*
cpe:2.3:a:openafs:openafs:1.3.2:::::::*
cpe:2.3:a:openafs:openafs:1.3.5:::::::*
cpe:2.3:a:openafs:openafs:1.3.70:::::::*
cpe:2.3:a:openafs:openafs:1.3.74:::::::*
cpe:2.3:a:openafs:openafs:1.3.77:::::::*
cpe:2.3:a:openafs:openafs:1.3.81:::::::*
cpe:2.3:a:openafs:openafs:1.4:::::::*
cpe:2.3:a:openafs:openafs:1.4.0:::::::*
cpe:2.3:a:openafs:openafs:1.4.3:::::::*
cpe:2.3:a:openafs:openafs:1.4.4:::::::*
cpe:2.3:a:openafs:openafs:1.4.5:::::::*
cpe:2.3:a:openafs:openafs:1.4.6:::::::*
cpe:2.3:a:openafs:openafs:1.4.7:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre1:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre2:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre3:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre4:::::::*
cpe:2.3:a:openafs:openafs:1.4.7_pre5:::::::*
cpe:2.3:a:openafs:openafs:1.4.8:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre1:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre2:::::::*
cpe:2.3:a:openafs:openafs:1.4.8_pre3:::::::*
cpe:2.3:a:openafs:openafs:1.5:::::::*
cpe:2.3:a:openafs:openafs:1.5.16:::::::*
cpe:2.3:a:openafs:openafs:1.5.17:::::::*
cpe:2.3:a:openafs:openafs:1.5.26:::::::*
cpe:2.3:a:openafs:openafs:1.5.27:::::::*
cpe:2.3:a:openafs:openafs:1.5.30:::::::*
cpe:2.3:a:openafs:openafs:1.5.31:::::::*
cpe:2.3:a:openafs:openafs:1.5.32:::::::*
cpe:2.3:a:openafs:openafs:1.5.33:::::::*
cpe:2.3:a:openafs:openafs:1.5.34:::::::*
cpe:2.3:a:openafs:openafs:1.5.35:::::::*
cpe:2.3:a:openafs:openafs:1.5.36:::::::*
cpe:2.3:a:openafs:openafs:1.5.38:::::::*
cpe:2.3:a:openafs:openafs:1.5.39:::::::*
cpe:2.3:a:openafs:openafs:1.5.50:::::::*
cpe:2.3:a:openafs:openafs:1.5.52:::::::*
cpe:2.3:a:openafs:openafs:1.5.53:::::::*
cpe:2.3:a:openafs:openafs:1.5.54:::::::*
cpe:2.3:a:openafs:openafs:1.5.55:::::::*
cpe:2.3:a:openafs:openafs:1.5.56:::::::*
cpe:2.3:a:openafs:openafs:1.5.57:::::::*
cpe:2.3:a:openafs:openafs:1.5.58:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel::::::::