{
  "threat_severity" : "Important",
  "public_date" : "2009-07-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ecryptfs stack overflow in parse_tag_11_packet()",
    "id" : "512861",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=512861"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-130->CWE-122",
  "details" : [ "Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size." ],
  "statement" : "The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue.",
  "acknowledgement" : "Red Hat would like to thank Ramon de C. Valle for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-08-04T00:00:00Z",
    "advisory" : "RHSA-2009:1193",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-128.4.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.3.Z - Server Only",
    "release_date" : "2009-08-04T00:00:00Z",
    "advisory" : "RHSA-2009:1193",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.3",
    "package" : "kernel-0:2.6.18-128.4.1.el5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-2406\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2406" ],
  "name" : "CVE-2009-2406",
  "csaw" : false
}