National Cyber-Alert System
Vulnerability Summary for CVE-2008-3528
Original release date:09/27/2008
Last revised:04/08/2009
Source:
US-CERT/NIST
Overview
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
6.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows disruption of serviceUnknown
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=459577
External Source: XF
Name: kernel-errorreporting-dos(45720)
External Source: UBUNTU
Name: USN-662-1
External Source: BUGTRAQ
Name: 20081112 rPSA-2008-0316-1 kernel
External Source: REDHAT
Name: RHSA-2009:0326
External Source: REDHAT
Name: RHSA-2009:0009
External Source: MLIST
Name: [oss-security] 20080918 CVE-2008-3528 Linux kernel ext[234] directory corruption DoS
External Source: MANDRIVA
Name: MDVSA-2008:224
External Source: DEBIAN
Name: DSA-1687
External Source: DEBIAN
Name: DSA-1681
External Source: CONFIRM
Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2008-0316
External Source: SECUNIA
Name: 33758
External Source: SECUNIA
Name: 33586
External Source: SECUNIA
Name: 33180
External Source: SECUNIA
Name: 32998
External Source: SECUNIA
Name: 32799
External Source: SECUNIA
Name: 32759
External Source: SECUNIA
Name: 32709
External Source: SECUNIA
Name: 32509
External Source: REDHAT
Name: RHSA-2008:0972
External Source: MLIST
Name: [linux-kernel] 20080918 Re: [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption
External Source: MLIST
Name: [linux-kernel] 20080913 [PATCH 4/4] ext3: Avoid printk floods in the face of directory corruption
External Source: MLIST
Name: [linux-kernel] 20080913 [PATCH 3/4] ext2: Avoid printk floods in the face of directory corruption
External Source: SUSE
Name: SUSE-SA:2008:057
External Source: SUSE
Name: SUSE-SA:2008:056
External Source: SUSE
Name: SUSE-SR:2008:025
External Source: SUSE
Name: SUSE-SA:2008:053