Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3528

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-3528
Last Modified 29 Oct 2012 11:15:03
Published 27 Sep 2008 06:30:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3528

Summary

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.26.5


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=459577

XF - kernel-errorreporting-dos(45720)

VUPEN - ADV-2009-3316

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-662-1

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20081112 rPSA-2008-0316-1 kernel

REDHAT - RHSA-2009:0326

REDHAT - RHSA-2009:0009

MLIST - [oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS

MANDRIVA - MDVSA-2008:224

DEBIAN - DSA-1687

DEBIAN - DSA-1681

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0316

SECUNIA - 37471

SECUNIA - 33758

SECUNIA - 33586

SECUNIA - 33180

SECUNIA - 32998

SECUNIA - 32799

SECUNIA - 32759

SECUNIA - 32709

SECUNIA - 32509

REDHAT - RHSA-2008:0972

MLIST - [linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption

MLIST - [linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption

MLIST - [linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption

SUSE - SUSE-SA:2008:057

SUSE - SUSE-SA:2008:056

SUSE - SUSE-SR:2008:025

SUSE - SUSE-SA:2008:053

SECUNIA - 32370

SECUNIA - 32356

SUSE - SUSE-SA:2008:052

SUSE - SUSE-SA:2008:051

Related Patches

Novell SUSE 2008:5734 kernel security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:49:34