CVE-2008-3528
CVE-2008-3528
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.htmlhttp://lkml.org/lkml/2008/9/13/98http://lkml.org/lkml/2008/9/13/99http://lkml.org/lkml/2008/9/17/371http://rhn.redhat.com/errata/RHSA-2008-0972.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=459577http://secunia.com/advisories/32356