Lucene search

[email protected]CVE-2008-3528

HistorySep 27, 2008 - 10:30 a.m.

CVE-2008-3528

2008-09-2710:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3528

linux kernel

directory corruption

denial of service

filesystem

privilege boundaries

nvd

4.8 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.1%

JSON

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.26.5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.26.5

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html

lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html

lkml.org/lkml/2008/9/13/98

lkml.org/lkml/2008/9/13/99

lkml.org/lkml/2008/9/17/371

rhn.redhat.com/errata/RHSA-2008-0972.html

secunia.com/advisories/32356

secunia.com/advisories/32370

secunia.com/advisories/32509

secunia.com/advisories/32709

secunia.com/advisories/32759

secunia.com/advisories/32799

secunia.com/advisories/32998

secunia.com/advisories/33180

secunia.com/advisories/33586

secunia.com/advisories/33758

secunia.com/advisories/37471

wiki.rpath.com/Advisories:rPSA-2008-0316

wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

www.debian.org/security/2008/dsa-1681

www.debian.org/security/2008/dsa-1687

www.mandriva.com/security/advisories?name=MDVSA-2008:224

www.openwall.com/lists/oss-security/2008/09/18/2

www.redhat.com/support/errata/RHSA-2009-0009.html

www.redhat.com/support/errata/RHSA-2009-0326.html

www.securityfocus.com/archive/1/498285/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.ubuntu.com/usn/usn-662-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/show_bug.cgi?id=459577

exchange.xforce.ibmcloud.com/vulnerabilities/45720

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642

4.8 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.1%

JSON

Related for CVE-2008-3528

prion1 veracode1 ubuntucve1 securityvulns2 nessus22 ubuntu1 openvas37 suse5 oraclelinux3 redhat3 centos2 fedora4 debian2 osv2 vmware2