Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.9
CVE Id CVE-2009-2908
Last Modified 19 Mar 2012 12:00:00
Published 13 Oct 2009 06:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-2908

Summary

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.31


References

BID - 36639

FEDORA - FEDORA-2009-10525

REDHAT - RHSA-2009:1548

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=527534

MISC - https://bugs.launchpad.net/ecryptfs/+bug/387073

XF - kernel-ecryptfs-dos(53693)

VUPEN - ADV-2010-0528

UBUNTU - USN-852-1

MLIST - [oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908)

SECUNIA - 38834

SECUNIA - 38794

SECUNIA - 37105

SECUNIA - 37075

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136


Last Updated: 27 May 2016 10:49:34