CVE-2008-3528

Severity

21%

Complexity

39%

Confidentiality

48%

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2008-09-27 10:30:00

Last updated 6 years ago

2018-10-11 20:48:00

Affected Software

Linux Kernel 2.6.26.5

2.6.26.5

References

SUSE-SA:2008:051

SUSE-SA:2008:052

SUSE-SA:2008:053

SUSE-SR:2008:025

SUSE-SA:2008:056

SUSE-SA:2008:057

[linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption

Exploit

[linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption

Exploit

[linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption

RHSA-2008:0972

32356

32370

32509

Vendor Advisory

32709

Vendor Advisory

32759

Vendor Advisory

32799

Vendor Advisory

32998

Vendor Advisory

33180

Vendor Advisory

33586

Vendor Advisory

33758

Vendor Advisory

37471

Vendor Advisory

http://wiki.rpath.com/Advisories:rPSA-2008-0316

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

DSA-1681

DSA-1687

MDVSA-2008:224

[oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS

RHSA-2009:0009

RHSA-2009:0326

20081112 rPSA-2008-0316-1 kernel

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

USN-662-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

ADV-2009-3316

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=459577

kernel-errorreporting-dos(45720)

oval:org.mitre.oval:def:10852

oval:org.mitre.oval:def:8642

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.