CVE-2008-3528

Published: 27/09/2008 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate malicious users to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

Vulnerable Product

linux linux kernel 2.6.26.5

Vendor Advisories

It was discovered that the Linux kernel could be made to hang temporarily when mounting corrupted ext2/3 filesystems. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could cause system hangs, leading to a denial of service (CVE-2008-3528) ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Secur ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 10. This update has been rated as having important security impact by the Red Hat Secur ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the RedH ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3527: Tavis Ormandy reported a local DoS and potential privilege escalation in the Virtual Dynamic Shared Objects (vDSO) ...

References

CWE-264
http://lkml.org/lkml/2008/9/17/371
https://bugzilla.redhat.com/show_bug.cgi?id=459577
http://lkml.org/lkml/2008/9/13/99
http://www.openwall.com/lists/oss-security/2008/09/18/2
http://lkml.org/lkml/2008/9/13/98
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
http://www.ubuntu.com/usn/usn-662-1
http://secunia.com/advisories/32509
http://www.mandriva.com/security/advisories?name=MDVSA-2008:224
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316
http://secunia.com/advisories/32709
http://secunia.com/advisories/32759
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32799
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://wiki.rpath.com/Advisories:rPSA-2008-0316
http://secunia.com/advisories/33180
http://www.debian.org/security/2008/dsa-1687
http://secunia.com/advisories/32998
http://www.debian.org/security/2008/dsa-1681
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://secunia.com/advisories/33586
http://www.redhat.com/support/errata/RHSA-2009-0326.html
http://secunia.com/advisories/33758
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/32356
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
http://secunia.com/advisories/32370
https://exchange.xforce.ibmcloud.com/vulnerabilities/45720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8642
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10852
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/498285/100/0/threaded
https://usn.ubuntu.com/662-1/
https://nvd.nist.gov