Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0269

fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.

Security Impact Summary

CVE-2009-0269 is a security vulnerability that . Impacting 4 products from linux, from opensuse, from debian and 1 other, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2009, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2009-01-26T15:30:04.967

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 2.6.28.1	Yes
Operating System	opensuse	opensuse	10.3	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes

References

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=a17d5232de7b53d34229de79ec22f4bb04adb7e4 Broken Link ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List ([email protected])
http://secunia.com/advisories/33758 Broken Link ([email protected])
http://secunia.com/advisories/34394 Broken Link ([email protected])
http://secunia.com/advisories/34502 Broken Link ([email protected])
http://secunia.com/advisories/34981 Broken Link ([email protected])
http://secunia.com/advisories/35390 Broken Link ([email protected])
http://secunia.com/advisories/35394 Broken Link ([email protected])
http://secunia.com/advisories/37471 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1749 Mailing List ([email protected])
http://www.debian.org/security/2009/dsa-1787 Mailing List ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0326.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0360.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/507985/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/33412 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-751-1 Third Party Advisory ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3316 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/48188 Broken Link, VDB Entry ([email protected])
https://lists.launchpad.net/ecryptfs-devel/msg00010.html Mailing List, Third Party Advisory ([email protected])
https://lists.launchpad.net/ecryptfs-devel/msg00011.html Mailing List, Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944 Broken Link ([email protected])
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=a17d5232de7b53d34229de79ec22f4bb04adb7e4 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33758 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34394 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34502 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34981 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35390 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35394 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37471 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1749 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1787 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0326.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0360.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507985/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/33412 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-751-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3316 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48188 Broken Link, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://lists.launchpad.net/ecryptfs-devel/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.launchpad.net/ecryptfs-devel/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944 Broken Link (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.