CVE-2009-4020

Publication date 4 December 2009

Last updated 24 July 2024


Ubuntu priority

Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

From the Ubuntu Security Team

Amerigo Wang discovered that the HFS filesystem did not correctly validate disk structures. If a user were tricked into mounting a specially crafted HFS filesystem, a remote attacker could crash the system or gain root privileges.

Status

Package               Ubuntu Release     Status
linux                 9.10 karmic        Fixed 2.6.31-19.56
linux                 9.04 jaunty        Fixed 2.6.28-18.59
linux                 8.10 intrepid      Fixed 2.6.27-17.45
linux                 8.04 LTS hardy     Fixed 2.6.24-27.65
linux                 6.06 LTS dapper    Not in release
linux-source-2.6.15   9.10 karmic        Not in release
linux-source-2.6.15   9.04 jaunty        Not in release
linux-source-2.6.15   8.10 intrepid      Not in release
linux-source-2.6.15   8.04 LTS hardy     Not in release
linux-source-2.6.15   6.06 LTS dapper    Fixed 2.6.15-55.82

References

Related Ubuntu Security Notices (USN)

    • USN-894-1: Linux kernel vulnerabilities (5 February 2010)

Other references