History: Oct 13, 2009 - 10:30 a.m.

CVE-2009-2908

2009-10-13 10:30:00
redhat
web.nvd.nist.gov
cve-2009-2908
linux kernel
ecryptfs
denial of service
kernel oops
arbitrary code
null pointer dereference

CVSS2: 4.9
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C

AI Score: 7.2
Confidence: High

EPSS: 0
Percentile: 10.1%

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.

Affected configurations

Nvd
Node: linux linux_kernel, Match 2.6.31

Vendor | Product | Version | CPE
linux | linux_kernel | 2.6.31 | cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*
