Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.9
CVE Id CVE-2009-0747
Last Modified 22 Jan 2013 11:13:24
Published 27 Feb 2009 12:30:09
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0747

Summary

The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.27

  • Linux Kernel 2.6.27.1

  • Linux Kernel 2.6.27.10

  • Linux Kernel 2.6.27.11

  • Linux Kernel 2.6.27.12

  • Linux Kernel 2.6.27.13

  • Linux Kernel 2.6.27.14

  • Linux Kernel 2.6.27.15

  • Linux Kernel 2.6.27.16

  • Linux Kernel 2.6.27.17

  • Linux Kernel 2.6.27.18

  • Linux Kernel 2.6.27.2

  • Linux Kernel 2.6.27.3

  • Linux Kernel 2.6.27.4

  • Linux Kernel 2.6.27.5

  • Linux Kernel 2.6.27.6

  • Linux Kernel 2.6.27.7

  • Linux Kernel 2.6.27.8

  • Linux Kernel 2.6.27.9

  • Linux Kernel 2.6.28

  • Linux Kernel 2.6.28.1

  • Linux Kernel 2.6.28.2

  • Linux Kernel 2.6.28.3

  • Linux Kernel 2.6.28.4

  • Linux Kernel 2.6.28.5

  • Linux Kernel 2.6.28.6


References

CONFIRM - http://bugzilla.kernel.org/show_bug.cgi?id=12375

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-0509

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-751-1

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

DEBIAN - DSA-1749

SECUNIA - 37471

SECUNIA - 34394

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c

SECUNIA - 36562

REDHAT - RHSA-2009:1243


Last Updated: 27 May 2016 10:49:34