CVE - CVE-2008-3528

CVE-ID
CVE-2008-3528	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20081112 rPSA-2008-0316-1 kernel URL:http://www.securityfocus.com/archive/1/498285/100/0/threaded MISC:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded MISC:32356 URL:http://secunia.com/advisories/32356 MISC:32370 URL:http://secunia.com/advisories/32370 MISC:32509 URL:http://secunia.com/advisories/32509 MISC:32709 URL:http://secunia.com/advisories/32709 MISC:32759 URL:http://secunia.com/advisories/32759 MISC:32799 URL:http://secunia.com/advisories/32799 MISC:32998 URL:http://secunia.com/advisories/32998 MISC:33180 URL:http://secunia.com/advisories/33180 MISC:33586 URL:http://secunia.com/advisories/33586 MISC:33758 URL:http://secunia.com/advisories/33758 MISC:37471 URL:http://secunia.com/advisories/37471 MISC:ADV-2009-3316 URL:~~http://www.vupen.com/english/advisories/2009/3316~~ (Obsolete source) MISC:DSA-1681 URL:http://www.debian.org/security/2008/dsa-1681 MISC:DSA-1687 URL:http://www.debian.org/security/2008/dsa-1687 MISC:MDVSA-2008:224 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:224~~ (Obsolete source) MISC:RHSA-2008:0972 URL:http://rhn.redhat.com/errata/RHSA-2008-0972.html MISC:RHSA-2009:0009 URL:http://www.redhat.com/support/errata/RHSA-2009-0009.html MISC:RHSA-2009:0326 URL:http://www.redhat.com/support/errata/RHSA-2009-0326.html MISC:SUSE-SA:2008:051 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html MISC:SUSE-SA:2008:052 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html MISC:SUSE-SA:2008:053 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html MISC:SUSE-SA:2008:056 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html MISC:SUSE-SA:2008:057 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html MISC:SUSE-SR:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html MISC:USN-662-1 URL:http://www.ubuntu.com/usn/usn-662-1 MISC:[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/13/98 MISC:[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/13/99 MISC:[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/17/371 MISC:[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS URL:http://www.openwall.com/lists/oss-security/2008/09/18/2 MISC:http://wiki.rpath.com/Advisories:rPSA-2008-0316 URL:http://wiki.rpath.com/Advisories:rPSA-2008-0316 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316 MISC:http://www.vmware.com/security/advisories/VMSA-2009-0016.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0016.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=459577 URL:https://bugzilla.redhat.com/show_bug.cgi?id=459577 MISC:kernel-errorreporting-dos(45720) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45720 MISC:oval:org.mitre.oval:def:10852 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852 MISC:oval:org.mitre.oval:def:8642 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642
Assigning CNA
Red Hat, Inc.
Date Record Created
20080807	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080807)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)