{
  "threat_severity" : "Important",
  "public_date" : "2009-07-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ecryptfs heap overflow in parse_tag_3_packet()",
    "id" : "512885",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=512885"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-130->CWE-122",
  "details" : [ "Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet." ],
  "statement" : "The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue.",
  "acknowledgement" : "Red Hat would like to thank Ramon de C. Valle for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-08-04T00:00:00Z",
    "advisory" : "RHSA-2009:1193",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-128.4.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.3.Z - Server Only",
    "release_date" : "2009-08-04T00:00:00Z",
    "advisory" : "RHSA-2009:1193",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.3",
    "package" : "kernel-0:2.6.18-128.4.1.el5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-2407\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2407" ],
  "name" : "CVE-2009-2407",
  "csaw" : false
}