CVE - CVE-2008-3275

CVE-ID
CVE-2008-3275	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[linux-kernel] 20080702 Is VFS behavior fine? URL:http://lkml.org/lkml/2008/7/2/83 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d70b67c8bc72ee23b55381bd6a884f4796692f77 CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=457858 DEBIAN:DSA-1636 URL:http://www.debian.org/security/2008/dsa-1636 DEBIAN:DSA-1630 URL:http://www.debian.org/security/2008/dsa-1630 MANDRIVA:MDVSA-2008:220 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 REDHAT:RHSA-2008:0885 URL:http://www.redhat.com/support/errata/RHSA-2008-0885.html REDHAT:RHSA-2008:0857 URL:http://www.redhat.com/support/errata/RHSA-2008-0857.html REDHAT:RHSA-2008:0973 URL:http://www.redhat.com/support/errata/RHSA-2008-0973.html REDHAT:RHSA-2009:0014 URL:http://www.redhat.com/support/errata/RHSA-2009-0014.html REDHAT:RHSA-2008:0787 URL:http://www.redhat.com/support/errata/RHSA-2008-0787.html SUSE:SUSE-SA:2008:048 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html SUSE:SUSE-SA:2008:049 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html UBUNTU:USN-637-1 URL:https://usn.ubuntu.com/637-1/ BID:30647 URL:http://www.securityfocus.com/bid/30647 OVAL:oval:org.mitre.oval:def:10744 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744 OVAL:oval:org.mitre.oval:def:6551 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551 SECUNIA:32344 URL:http://secunia.com/advisories/32344 VUPEN:ADV-2008-2430 URL:http://www.vupen.com/english/advisories/2008/2430 SECTRACK:1020739 URL:http://www.securitytracker.com/id?1020739 SECUNIA:31614 URL:http://secunia.com/advisories/31614 SECUNIA:31881 URL:http://secunia.com/advisories/31881 SECUNIA:32023 URL:http://secunia.com/advisories/32023 SECUNIA:32190 URL:http://secunia.com/advisories/32190 SECUNIA:31836 URL:http://secunia.com/advisories/31836 SECUNIA:31551 URL:http://secunia.com/advisories/31551 SECUNIA:33556 URL:http://secunia.com/advisories/33556 SECUNIA:33201 URL:http://secunia.com/advisories/33201 SECUNIA:32104 URL:http://secunia.com/advisories/32104 SECUNIA:33280 URL:http://secunia.com/advisories/33280 XF:linux-kernel-ubifs-dos(44410) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44410
Assigning CNA
N/A
Date Entry Created
20080724	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080724)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.