CVE-2009-2649

Name: CVE-2009-2649
Description: The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
NVD severity: medium (attack range: local)
Debian Bugs: 572811
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| kfreebsd-8 (PTS) | squeeze | 8.1+dfsg-8+squeeze4 | fixed |
| kfreebsd-8 | squeeze (security) | 8.1+dfsg-8+squeeze3 | fixed |
| kfreebsd-8 | wheezy | 8.3-6+deb7u1 | fixed |

The information above is based on the following data on fixed versions.

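| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kfreebsd-6 | source | (unstable) | (unfixed) | medium | | 572811 |
| kfreebsd-7 | source | (unstable) | 7.3-1 | medium | | 572811 |
| kfreebsd-8 | source | (unstable) | 8.0-1 | medium | | 572811 |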

Notes

[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
