Vulnerability-Lookup

CVE-2008-3528 (GCVE-0-2008-3528)

Vulnerability from cvelistv5 – Published: 2008-09-27 00:00 – Updated: 2024-08-07 09:45

Summary

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/32998	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/09/18/2	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
	http://lkml.org/lkml/2008/9/17/371	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://lkml.org/lkml/2008/9/13/98	mailing-listx_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2008-0972.html	vendor-advisoryx_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/33758	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-00…	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=459577	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/usn-662-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/33586	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32509	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/32709	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1687	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/32356	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://wiki.rpath.com/Advisories:rPSA-2008-0316	x_refsource_CONFIRM
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316	x_refsource_CONFIRM
	http://secunia.com/advisories/32759	third-party-advisoryx_refsource_SECUNIA
	http://lkml.org/lkml/2008/9/13/99	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/33180	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32370	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/32799	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1681	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/498285/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:17.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32998",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32998"
          },
          {
            "name": "[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
          },
          {
            "name": "RHSA-2009:0326",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
          },
          {
            "name": "[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2008/9/17/371"
          },
          {
            "name": "MDVSA-2008:224",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2008/9/13/98"
          },
          {
            "name": "RHSA-2008:0972",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "SUSE-SA:2008:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
          },
          {
            "name": "33758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33758"
          },
          {
            "name": "RHSA-2009:0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
          },
          {
            "name": "SUSE-SA:2008:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
          },
          {
            "name": "kernel-errorreporting-dos(45720)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
          },
          {
            "name": "SUSE-SA:2008:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
          },
          {
            "name": "USN-662-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-662-1"
          },
          {
            "name": "33586",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33586"
          },
          {
            "name": "32509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32509"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "32709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32709"
          },
          {
            "name": "DSA-1687",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1687"
          },
          {
            "name": "32356",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32356"
          },
          {
            "name": "oval:org.mitre.oval:def:8642",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
          },
          {
            "name": "oval:org.mitre.oval:def:10852",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
          },
          {
            "name": "32759",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32759"
          },
          {
            "name": "[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2008/9/13/99"
          },
          {
            "name": "33180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33180"
          },
          {
            "name": "32370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32370"
          },
          {
            "name": "SUSE-SA:2008:051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
          },
          {
            "name": "32799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32799"
          },
          {
            "name": "SUSE-SA:2008:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
          },
          {
            "name": "SUSE-SR:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
          },
          {
            "name": "DSA-1681",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1681"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "20081112 rPSA-2008-0316-1 kernel",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations.  NOTE: there are limited scenarios in which this crosses privilege boundaries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32998",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32998"
        },
        {
          "name": "[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
        },
        {
          "name": "RHSA-2009:0326",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
        },
        {
          "name": "[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2008/9/17/371"
        },
        {
          "name": "MDVSA-2008:224",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2008/9/13/98"
        },
        {
          "name": "RHSA-2008:0972",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "SUSE-SA:2008:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
        },
        {
          "name": "33758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33758"
        },
        {
          "name": "RHSA-2009:0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
        },
        {
          "name": "SUSE-SA:2008:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
        },
        {
          "name": "kernel-errorreporting-dos(45720)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
        },
        {
          "name": "SUSE-SA:2008:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
        },
        {
          "name": "USN-662-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-662-1"
        },
        {
          "name": "33586",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33586"
        },
        {
          "name": "32509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32509"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "32709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32709"
        },
        {
          "name": "DSA-1687",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1687"
        },
        {
          "name": "32356",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32356"
        },
        {
          "name": "oval:org.mitre.oval:def:8642",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
        },
        {
          "name": "oval:org.mitre.oval:def:10852",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
        },
        {
          "name": "32759",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32759"
        },
        {
          "name": "[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2008/9/13/99"
        },
        {
          "name": "33180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33180"
        },
        {
          "name": "32370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32370"
        },
        {
          "name": "SUSE-SA:2008:051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
        },
        {
          "name": "32799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32799"
        },
        {
          "name": "SUSE-SA:2008:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
        },
        {
          "name": "SUSE-SR:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
        },
        {
          "name": "DSA-1681",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1681"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "20081112 rPSA-2008-0316-1 kernel",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3528",
    "datePublished": "2008-09-27T00:00:00.000Z",
    "dateReserved": "2008-08-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:45:17.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2008-3528

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3528

Aliases

CVE-2008-3528

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3528",
    "description": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations.  NOTE: there are limited scenarios in which this crosses privilege boundaries.",
    "id": "GSD-2008-3528",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3528.html",
      "https://www.debian.org/security/2008/dsa-1687",
      "https://www.debian.org/security/2008/dsa-1681",
      "https://access.redhat.com/errata/RHSA-2009:0326",
      "https://access.redhat.com/errata/RHSA-2009:0009",
      "https://access.redhat.com/errata/RHSA-2008:0972",
      "https://linux.oracle.com/cve/CVE-2008-3528.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3528"
      ],
      "details": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.",
      "id": "GSD-2008-3528",
      "modified": "2023-12-13T01:23:05.937805Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-3528",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
          },
          {
            "name": "http://secunia.com/advisories/32759",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32759"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3316",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "http://secunia.com/advisories/37471",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2008-0972.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
          },
          {
            "name": "http://secunia.com/advisories/32370",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32370"
          },
          {
            "name": "http://secunia.com/advisories/32799",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32799"
          },
          {
            "name": "http://secunia.com/advisories/33586",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33586"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-0009.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
          },
          {
            "name": "http://secunia.com/advisories/33180",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33180"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1687",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1687"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
          },
          {
            "name": "http://lkml.org/lkml/2008/9/13/98",
            "refsource": "MISC",
            "url": "http://lkml.org/lkml/2008/9/13/98"
          },
          {
            "name": "http://lkml.org/lkml/2008/9/13/99",
            "refsource": "MISC",
            "url": "http://lkml.org/lkml/2008/9/13/99"
          },
          {
            "name": "http://lkml.org/lkml/2008/9/17/371",
            "refsource": "MISC",
            "url": "http://lkml.org/lkml/2008/9/17/371"
          },
          {
            "name": "http://secunia.com/advisories/32356",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32356"
          },
          {
            "name": "http://secunia.com/advisories/32509",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32509"
          },
          {
            "name": "http://secunia.com/advisories/32709",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32709"
          },
          {
            "name": "http://secunia.com/advisories/32998",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32998"
          },
          {
            "name": "http://secunia.com/advisories/33758",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33758"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0316",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1681",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1681"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2008/09/18/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-0326.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/498285/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-662-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-662-1"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=459577",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.26.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-3528"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lkml.org/lkml/2008/9/17/371"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=459577",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
            },
            {
              "name": "[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://lkml.org/lkml/2008/9/13/99"
            },
            {
              "name": "[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
            },
            {
              "name": "[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://lkml.org/lkml/2008/9/13/98"
            },
            {
              "name": "SUSE-SA:2008:053",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
            },
            {
              "name": "USN-662-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-662-1"
            },
            {
              "name": "32509",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32509"
            },
            {
              "name": "MDVSA-2008:224",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
            },
            {
              "name": "32709",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32709"
            },
            {
              "name": "32759",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32759"
            },
            {
              "name": "RHSA-2008:0972",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
            },
            {
              "name": "SUSE-SR:2008:025",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
            },
            {
              "name": "32799",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32799"
            },
            {
              "name": "SUSE-SA:2008:057",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0316",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
            },
            {
              "name": "33180",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33180"
            },
            {
              "name": "DSA-1687",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1687"
            },
            {
              "name": "32998",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32998"
            },
            {
              "name": "DSA-1681",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1681"
            },
            {
              "name": "SUSE-SA:2008:056",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
            },
            {
              "name": "RHSA-2009:0009",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
            },
            {
              "name": "33586",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33586"
            },
            {
              "name": "RHSA-2009:0326",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
            },
            {
              "name": "33758",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33758"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "32356",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32356"
            },
            {
              "name": "SUSE-SA:2008:051",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
            },
            {
              "name": "SUSE-SA:2008:052",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
            },
            {
              "name": "32370",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32370"
            },
            {
              "name": "kernel-errorreporting-dos(45720)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
            },
            {
              "name": "oval:org.mitre.oval:def:8642",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
            },
            {
              "name": "oval:org.mitre.oval:def:10852",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "20081112 rPSA-2008-0316-1 kernel",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2008-09-27T10:30Z"
    }
  }
}

FKIE_CVE-2008-3528

Vulnerability from fkie_nvd - Published: 2008-09-27 10:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
secalert@redhat.com	http://lkml.org/lkml/2008/9/13/98	Exploit
secalert@redhat.com	http://lkml.org/lkml/2008/9/13/99	Exploit
secalert@redhat.com	http://lkml.org/lkml/2008/9/17/371
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2008-0972.html
secalert@redhat.com	http://secunia.com/advisories/32356
secalert@redhat.com	http://secunia.com/advisories/32370
secalert@redhat.com	http://secunia.com/advisories/32509	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32709	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32759	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32799	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32998	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/33180	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/33586	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/33758	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/37471	Vendor Advisory
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2008-0316
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1681
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1687
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:224
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/09/18/2
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-0009.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-0326.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/498285/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.com	http://www.ubuntu.com/usn/usn-662-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3316	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=459577
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45720
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lkml.org/lkml/2008/9/13/98	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lkml.org/lkml/2008/9/13/99	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lkml.org/lkml/2008/9/17/371
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2008-0972.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32356
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32370
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32509	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32709	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32759	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32799	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32998	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33180	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33586	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33758	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2008-0316
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1681
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1687
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:224
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/09/18/2
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0009.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0326.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/498285/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-662-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=459577
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45720
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	2.6.26.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D08D180-23F7-456F-98CA-26B53C678D76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations.  NOTE: there are limited scenarios in which this crosses privilege boundaries."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de error de informe en (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, y posiblemente en (3) fs/ext4/dir.c en el kernet de Linux v2.6.26.5 no limita el n\u00famero de mensajes de consola printk que informa de la corrupci\u00f3n de directorio, lo cual permite a atacantes aproximarse f\u00edsicamente para causar denegaci\u00f3n de servicio (cuelgue temporal del sistema) montando un archivo de sistema corrupto con valores dir-\u003ei_size y dir-\u003ei_blocks e interpretando operaciones de (a) lectura o (b) escritura.  NOTA: hay escenarios limitados en los cuales estos cruzan los l\u00edmites de privilegios."
    }
  ],
  "id": "CVE-2008-3528",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-27T10:30:03.303",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lkml.org/lkml/2008/9/13/98"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lkml.org/lkml/2008/9/13/99"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lkml.org/lkml/2008/9/17/371"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32356"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32370"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32509"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32709"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32799"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32998"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33180"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33586"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33758"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1681"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1687"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-662-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lkml.org/lkml/2008/9/13/98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lkml.org/lkml/2008/9/13/99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lkml.org/lkml/2008/9/17/371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-662-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2X4M-CRJ8-2RPP

Vulnerability from github – Published: 2022-05-02 00:00 – Updated: 2022-05-02 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3528"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-27T10:30:00Z",
    "severity": "LOW"
  },
  "details": "The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-\u003ei_size and dir-\u003ei_blocks values and performing (a) read or (b) write operations.  NOTE: there are limited scenarios in which this crosses privilege boundaries.",
  "id": "GHSA-2x4m-crj8-2rpp",
  "modified": "2022-05-02T00:00:57Z",
  "published": "2022-05-02T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3528"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459577"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45720"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lkml.org/lkml/2008/9/13/98"
    },
    {
      "type": "WEB",
      "url": "http://lkml.org/lkml/2008/9/13/99"
    },
    {
      "type": "WEB",
      "url": "http://lkml.org/lkml/2008/9/17/371"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0972.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32356"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32370"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32509"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32709"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32998"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33180"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33586"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33758"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1681"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1687"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/18/2"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-662-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3528 (GCVE-0-2008-3528)

GSD-2008-3528

FKIE_CVE-2008-3528

GHSA-2X4M-CRJ8-2RPP

CERTA-2009-AVI-513

Description

Solution

Tags

Sightings

Nomenclature