Date: Fri, 15 Jul 2011 16:03:07 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe()

A buffer overflow flaw was found in the Linux kernel's Auerswald
PBX/System Telephone usb driver implementation. There's no upstream
patch as the affected driver was removed from the kernel in 2.6.27.

For more information, check out the references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4067
http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf
https://bugzilla.redhat.com/CVE-2009-4067

(Attention Steve:) Looks like MITRE assigned this CVE to the reporter on
Nov 24, 2009, but did not update their CVE database entry for this since
then. Fortunately this is not a critical issue...

Eugene
