CVE - CVE-2008-3528

CVE-ID
CVE-2008-3528	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20081112 rPSA-2008-0316-1 kernel URL:http://www.securityfocus.com/archive/1/archive/1/498285/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded MLIST:[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/13/98 MLIST:[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/13/99 MLIST:[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption URL:http://lkml.org/lkml/2008/9/17/371 MLIST:[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS URL:http://www.openwall.com/lists/oss-security/2008/09/18/2 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=459577 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0316 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html DEBIAN:DSA-1687 URL:http://www.debian.org/security/2008/dsa-1687 DEBIAN:DSA-1681 URL:http://www.debian.org/security/2008/dsa-1681 MANDRIVA:MDVSA-2008:224 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:224 REDHAT:RHSA-2008:0972 URL:http://rhn.redhat.com/errata/RHSA-2008-0972.html REDHAT:RHSA-2009:0009 URL:http://www.redhat.com/support/errata/RHSA-2009-0009.html REDHAT:RHSA-2009:0326 URL:http://www.redhat.com/support/errata/RHSA-2009-0326.html SUSE:SUSE-SA:2008:053 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html SUSE:SUSE-SR:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SUSE:SUSE-SA:2008:057 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html SUSE:SUSE-SA:2008:056 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html SUSE:SUSE-SA:2008:051 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html SUSE:SUSE-SA:2008:052 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html UBUNTU:USN-662-1 URL:http://www.ubuntu.com/usn/usn-662-1 OVAL:oval:org.mitre.oval:def:10852 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852 OVAL:oval:org.mitre.oval:def:8642 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642 SECUNIA:32509 URL:http://secunia.com/advisories/32509 SECUNIA:32709 URL:http://secunia.com/advisories/32709 SECUNIA:32799 URL:http://secunia.com/advisories/32799 SECUNIA:32759 URL:http://secunia.com/advisories/32759 SECUNIA:33180 URL:http://secunia.com/advisories/33180 SECUNIA:32998 URL:http://secunia.com/advisories/32998 SECUNIA:33586 URL:http://secunia.com/advisories/33586 SECUNIA:33758 URL:http://secunia.com/advisories/33758 SECUNIA:37471 URL:http://secunia.com/advisories/37471 SECUNIA:32356 URL:http://secunia.com/advisories/32356 SECUNIA:32370 URL:http://secunia.com/advisories/32370 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316 XF:kernel-errorreporting-dos(45720) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45720
Assigning CNA
N/A
Date Entry Created
20080807	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080807)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2008-3528