CVE-2009-2908 - The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local use

CVE-2009-2908

Summary

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 13-02-2023 - 02:20)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2013-04-29T04:03:37.914-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10216

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2014-01-20T04:01:31.058-05:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Chris Coffin
organization The MITRE Corporation

definition_extensions

comment	VMware ESX Server 4.0 is installed
oval	oval:org.mitre.oval:def:6293

description

family

unix

oval:org.mitre.oval:def:6992

status

accepted

submitted

2010-06-01T17:30:00.000-05:00

title

Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability

version

redhat via4

advisories

rhsa

id	RHSA-2009:1548

rpms

kernel-0:2.6.18-164.6.1.el5
kernel-PAE-0:2.6.18-164.6.1.el5
kernel-PAE-debuginfo-0:2.6.18-164.6.1.el5
kernel-PAE-devel-0:2.6.18-164.6.1.el5
kernel-debug-0:2.6.18-164.6.1.el5
kernel-debug-debuginfo-0:2.6.18-164.6.1.el5
kernel-debug-devel-0:2.6.18-164.6.1.el5
kernel-debuginfo-0:2.6.18-164.6.1.el5
kernel-debuginfo-common-0:2.6.18-164.6.1.el5
kernel-devel-0:2.6.18-164.6.1.el5
kernel-doc-0:2.6.18-164.6.1.el5
kernel-headers-0:2.6.18-164.6.1.el5
kernel-kdump-0:2.6.18-164.6.1.el5
kernel-kdump-debuginfo-0:2.6.18-164.6.1.el5
kernel-kdump-devel-0:2.6.18-164.6.1.el5
kernel-xen-0:2.6.18-164.6.1.el5
kernel-xen-debuginfo-0:2.6.18-164.6.1.el5
kernel-xen-devel-0:2.6.18-164.6.1.el5

refmap via4

bid	36639
confirm	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=afc2b6932f48f200736d3e36ad66fee0ec733136 https://bugzilla.redhat.com/show_bug.cgi?id=527534
fedora	FEDORA-2009-10525
misc	https://bugs.launchpad.net/ecryptfs/+bug/387073
mlist	[oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908) [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
secunia	37075 37105 38794 38834
ubuntu	USN-852-1
vupen	ADV-2010-0528
xf	kernel-ecryptfs-dos(53693)

statements via4

contributor	Tomas Hoger
lastmodified	2009-11-04
organization	Red Hat
statement	The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html

Last major update

13-02-2023 - 02:20

Published

13-10-2009 - 10:30

Last modified

13-02-2023 - 02:20