Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New Linux 2.6.26 packages fix several vulnerabilities
Informations
Name DSA-1749 First vendor Publication 2009-03-20
Vendor Debian Last vendor Modification 2009-03-20
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0029

Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.

CVE-2009-0031

Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.

CVE-2009-0065

Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. CVE-2009-0269

Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).

CVE-2009-0322

Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 byts from a sysfs entry.

CVE-2009-0676

Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.

CVE-2009-0675

Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.

CVE-2009-0745

Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.

CVE-2009-0746

Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.

CVE-2009-0747

David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

CVE-2009-0748

David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem. For the stable distribution (lenny), these problems have been fixed in version 2.6.26-13lenny2.

For the oldstable distribution (etch), these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 packages.

Original Source

Url : http://www.debian.org/security/2009/dsa-1749

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-20 Improper Input Validation
25 % CWE-399 Resource Management Errors
17 % CWE-264 Permissions, Privileges, and Access Controls
8 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10163
 
Oval ID: oval:org.mitre.oval:def:10163
Title: drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
Description: drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0322
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10342
 
Oval ID: oval:org.mitre.oval:def:10342
Title: The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
Description: The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0746
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10683
 
Oval ID: oval:org.mitre.oval:def:10683
Title: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
Description: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0748
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10872
 
Oval ID: oval:org.mitre.oval:def:10872
Title: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
Description: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0065
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10942
 
Oval ID: oval:org.mitre.oval:def:10942
Title: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
Description: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0745
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11386
 
Oval ID: oval:org.mitre.oval:def:11386
Title: Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."
Description: Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0031
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11529
 
Oval ID: oval:org.mitre.oval:def:11529
Title: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
Description: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0675
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11653
 
Oval ID: oval:org.mitre.oval:def:11653
Title: The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
Description: The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0676
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13503
 
Oval ID: oval:org.mitre.oval:def:13503
Title: DSA-1749-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service. CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service by reading 0 byts from a sysfs entry. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service during a resize operation. CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service when accessing a specially crafted corrupt filesystem. CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service when mounting a specially crafted corrupt filesystem. CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service when mounting a specially crafted corrupt filesystem. For the stable distribution, these problems have been fixed in version 2.6.26-13lenny2. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 packages.
Family: unix Class: patch
Reference(s): DSA-1749-1
CVE-2009-0029
CVE-2009-0031
CVE-2009-0065
CVE-2009-0269
CVE-2009-0322
CVE-2009-0676
CVE-2009-0675
CVE-2009-0745
CVE-2009-0746
CVE-2009-0747
CVE-2009-0748
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22754
 
Oval ID: oval:org.mitre.oval:def:22754
Title: ELSA-2009:0264: kernel security update (Important)
Description: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
Family: unix Class: patch
Reference(s): ELSA-2009:0264-01
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5713
CVE-2009-0031
CVE-2009-0065
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28966
 
Oval ID: oval:org.mitre.oval:def:28966
Title: RHSA-2009:0264 -- kernel security update (Important)
Description: Updated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:0264
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5713
CVE-2009-0031
CVE-2009-0065
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7734
 
Oval ID: oval:org.mitre.oval:def:7734
Title: VMware kernel drivers/firmware/dell_rbu.c vulnerability
Description: drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0322
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7765
 
Oval ID: oval:org.mitre.oval:def:7765
Title: VMware kernel ext4_group_add function vulnerability
Description: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0745
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8039
 
Oval ID: oval:org.mitre.oval:def:8039
Title: VMware kernel make_indexed_dir function vulnerability
Description: The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0746
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8169
 
Oval ID: oval:org.mitre.oval:def:8169
Title: VMware kernel eCryptfs vulnerability
Description: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0269
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8381
 
Oval ID: oval:org.mitre.oval:def:8381
Title: DSA-1749 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption). Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry. Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation. Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem. David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem. David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
Family: unix Class: patch
Reference(s): DSA-1749
CVE-2009-0029
CVE-2009-0031
CVE-2009-0065
CVE-2009-0269
CVE-2009-0322
CVE-2009-0676
CVE-2009-0675
CVE-2009-0745
CVE-2009-0746
CVE-2009-0747
CVE-2009-0748
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8526
 
Oval ID: oval:org.mitre.oval:def:8526
Title: VMware kernel ext4_fill_super function vulnerability
Description: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0748
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8585
 
Oval ID: oval:org.mitre.oval:def:8585
Title: VMware kernel ext4_isize function vulnerability
Description: The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0747
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8618
 
Oval ID: oval:org.mitre.oval:def:8618
Title: VMware kernel sock_getsockopt function vulnerability
Description: The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0676
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8685
 
Oval ID: oval:org.mitre.oval:def:8685
Title: VMware kernel skfp_ioctl function vulnerability
Description: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0675
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8944
 
Oval ID: oval:org.mitre.oval:def:8944
Title: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Description: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0269
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9200
 
Oval ID: oval:org.mitre.oval:def:9200
Title: The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Description: The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0747
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 2
Os 1112
Os 3

ExploitDB Exploits

id Description
2009-04-28 Linux Kernel 2.6.x SCTP FWD Memory Corruption Remote Exploit

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0326 centos5 i386
File : nvt/gb_CESA-2009_0326_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1243 centos5 i386
File : nvt/gb_CESA-2009_1243_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0459 centos4 i386
File : nvt/gb_CESA-2009_0459_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0331 centos4 i386
File : nvt/gb_CESA-2009_0331_kernel_centos4_i386.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13098 (kernel)
File : nvt/fcore_2009_13098.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-11038 (kernel)
File : nvt/fcore_2009_11038.nasl
2009-10-19 Name : Fedora Core 10 FEDORA-2009-10525 (kernel)
File : nvt/fcore_2009_10525.nasl
2009-10-13 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel1.nasl
2009-10-11 Name : SLES11: Security update for Linux kernel
File : nvt/sles11_ext4dev-kmp-def.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5046302.nasl
2009-10-06 Name : Fedora Core 10 FEDORA-2009-10165 (kernel)
File : nvt/fcore_2009_10165.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1243 (kernel)
File : nvt/ovcesa2009_1243.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1243
File : nvt/RHSA_2009_1243.nasl
2009-09-02 Name : Fedora Core 10 FEDORA-2009-8647 (kernel)
File : nvt/fcore_2009_8647.nasl
2009-09-02 Name : SuSE Security Advisory SUSE-SA:2009:045 (kernel)
File : nvt/suse_sa_2009_045.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8264 (kernel)
File : nvt/fcore_2009_8264.nasl
2009-06-30 Name : Fedora Core 10 FEDORA-2009-6883 (kernel)
File : nvt/fcore_2009_6883.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:135 (kernel)
File : nvt/mdksa_2009_135.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:030 (kernel)
File : nvt/suse_sa_2009_030.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:031 (kernel)
File : nvt/suse_sa_2009_031.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-5356 (kernel)
File : nvt/fcore_2009_5356.nasl
2009-05-25 Name : RedHat Security Advisory RHSA-2009:1055
File : nvt/RHSA_2009_1055.nasl
2009-05-25 Name : Mandrake Security Advisory MDVSA-2009:118 (kernel)
File : nvt/mdksa_2009_118.nasl
2009-05-11 Name : Debian Security Advisory DSA 1794-1 (linux-2.6)
File : nvt/deb_1794_1.nasl
2009-05-05 Name : Debian Security Advisory DSA 1787-1 (linux-2.6.24)
File : nvt/deb_1787_1.nasl
2009-05-05 Name : RedHat Security Advisory RHSA-2009:0459
File : nvt/RHSA_2009_0459.nasl
2009-05-05 Name : CentOS Security Advisory CESA-2009:0459 (kernel)
File : nvt/ovcesa2009_0459.nasl
2009-04-28 Name : CentOS Security Advisory CESA-2009:0331 (kernel)
File : nvt/ovcesa2009_0331.nasl
2009-04-20 Name : SuSE Security Advisory SUSE-SA:2009:021 (kernel)
File : nvt/suse_sa_2009_021.nasl
2009-04-15 Name : Ubuntu USN-752-1 (linux-source-2.6.15)
File : nvt/ubuntu_752_1.nasl
2009-04-15 Name : Ubuntu USN-753-1 (postgresql-8.3)
File : nvt/ubuntu_753_1.nasl
2009-04-06 Name : CentOS Security Advisory CESA-2009:0326 (kernel)
File : nvt/ovcesa2009_0326.nasl
2009-04-06 Name : RedHat Security Advisory RHSA-2009:0326
File : nvt/RHSA_2009_0326.nasl
2009-03-31 Name : Debian Security Advisory DSA 1749-1 (linux-2.6)
File : nvt/deb_1749_1.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0360
File : nvt/RHSA_2009_0360.nasl
2009-03-13 Name : RedHat Security Advisory RHSA-2009:0331
File : nvt/RHSA_2009_0331.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-03-13 Name : Mandrake Security Advisory MDVSA-2009:071 (kernel)
File : nvt/mdksa_2009_071.nasl
2009-03-02 Name : SuSE Security Advisory SUSE-SA:2009:010 (kernel)
File : nvt/suse_sa_2009_010.nasl
2009-02-13 Name : RedHat Security Advisory RHSA-2009:0264
File : nvt/RHSA_2009_0264.nasl
2009-02-10 Name : RedHat Security Advisory RHSA-2009:0053
File : nvt/RHSA_2009_0053.nasl
2009-02-02 Name : Fedora Core 9 FEDORA-2009-0816 (kernel)
File : nvt/fcore_2009_0816.nasl
2009-02-02 Name : Fedora Core 10 FEDORA-2009-0923 (kernel)
File : nvt/fcore_2009_0923.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52633 Linux Kernel net/core/sock.c sock_getsockopt Function SO_BSDCOMPAT getsockopt...

52631 Linux Kernel fs/ext4/resize.c ext4_group_add Function Local DoS

52364 Linux Kernel fs/ext4/ext4.h ext4_isize Crafted ext4 Filesystem Handling Local...

52203 Linux Kernel fs/ext4/super.c ext4_fill_super() Function Ext4 File System Supe...

52202 Linux Kernel fs/ext4/namei.c make_indexed_dir() Function Ext4 File System Han...

52198 Linux Kernel drivers/net/skfp/skfddi.c skfp_ioctl() SysKonnect FDDI Driver St...

52195 Linux Kernel 64bit ABI System Call Parameter Sign Extension Local Privilege E...

51653 Linux Kernel drivers/firmware/dell_rbu.c Zero-byte System Call Local DoS

51606 Linux Kernel eCryptfs Subsystem fs/ecryptfs/inode.c readlink Call Handling Lo...

51501 Linux Kernel security/keys/keyctl.c keyctl_join_session_keyring Function Loca...

51253 Linux Kernel sctp net/sctp/sm_statefuns.c FWD-TSN Chunk Remote Overflow

Snort® IPS/IDS

Date Description
2014-01-10 Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
RuleID : 15490 - Revision : 9 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2012-0042.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0331.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0264.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1055.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090430_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090401_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090312_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090210_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6113.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0331.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1243.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-6440.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6109.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-090402.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1243.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-090401.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-090602.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-090225.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-135.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-6274.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-118.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1794.nasl - Type : ACT_GATHER_INFO
2009-05-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1787.nasl - Type : ACT_GATHER_INFO
2009-05-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-752-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-071.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-751-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0923.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1749.nasl - Type : ACT_GATHER_INFO
2009-03-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0331.nasl - Type : ACT_GATHER_INFO
2009-02-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0264.nasl - Type : ACT_GATHER_INFO
2009-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0816.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:28:17
  • Multiple Updates