CVE - CVE-2008-3275

CVE-ID
CVE-2008-3275	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020739 URL:http://www.securitytracker.com/id?1020739 MISC:30647 URL:http://www.securityfocus.com/bid/30647 MISC:31551 URL:http://secunia.com/advisories/31551 MISC:31614 URL:http://secunia.com/advisories/31614 MISC:31836 URL:http://secunia.com/advisories/31836 MISC:31881 URL:http://secunia.com/advisories/31881 MISC:32023 URL:http://secunia.com/advisories/32023 MISC:32104 URL:http://secunia.com/advisories/32104 MISC:32190 URL:http://secunia.com/advisories/32190 MISC:32344 URL:http://secunia.com/advisories/32344 MISC:33201 URL:http://secunia.com/advisories/33201 MISC:33280 URL:http://secunia.com/advisories/33280 MISC:33556 URL:http://secunia.com/advisories/33556 MISC:ADV-2008-2430 URL:~~http://www.vupen.com/english/advisories/2008/2430~~ (Obsolete source) MISC:DSA-1630 URL:http://www.debian.org/security/2008/dsa-1630 MISC:DSA-1636 URL:http://www.debian.org/security/2008/dsa-1636 MISC:MDVSA-2008:220 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:220~~ (Obsolete source) MISC:RHSA-2008:0787 URL:http://www.redhat.com/support/errata/RHSA-2008-0787.html MISC:RHSA-2008:0857 URL:http://www.redhat.com/support/errata/RHSA-2008-0857.html MISC:RHSA-2008:0885 URL:http://www.redhat.com/support/errata/RHSA-2008-0885.html MISC:RHSA-2008:0973 URL:http://www.redhat.com/support/errata/RHSA-2008-0973.html MISC:RHSA-2009:0014 URL:http://www.redhat.com/support/errata/RHSA-2009-0014.html MISC:SUSE-SA:2008:048 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html MISC:SUSE-SA:2008:049 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html MISC:USN-637-1 URL:https://usn.ubuntu.com/637-1/ MISC:[linux-kernel] 20080702 Is VFS behavior fine? URL:http://lkml.org/lkml/2008/7/2/83 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77 MISC:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15 URL:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=457858 URL:https://bugzilla.redhat.com/show_bug.cgi?id=457858 MISC:linux-kernel-ubifs-dos(44410) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44410 MISC:oval:org.mitre.oval:def:10744 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744 MISC:oval:org.mitre.oval:def:6551 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551
Assigning CNA
Red Hat, Inc.
Date Record Created
20080724	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080724)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)