CVE-2008-3528

Name: CVE-2008-3528
Description: The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1681-1, DSA-1687-1
NVD severity: low (attack range: local)
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
--- | --- | --- | ---
linux-2.6 (PTS) | squeeze, squeeze (security) | 2.6.32-48squeeze6 | fixed
 | squeeze (lts) | 2.6.32-48squeeze13 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
--- | --- | --- | --- | --- | --- | ---
fai-kernels | source | etch | 1.17+etch.23etch1 | low | DSA-1687-1 |
linux-2.6 | source | (unstable) | 2.6.26-11 | low | |
linux-2.6 | source | etch | 2.6.18.dfsg.1-23etch1 | low | DSA-1687-1 |
linux-2.6.24 | source | (unstable) | 2.6.24-6~etchnhalf.7 | low | |
linux-2.6.24 | source | etch | 2.6.24-6~etchnhalf.7 | low | DSA-1681-1 |
user-mode-linux | source | etch | 2.6.18-1um-2etch.23etch1 | low | DSA-1687-1 |

Notes

cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
bd39597cbd42a784105a04010100e27267481c67 (ext2)
9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
Comment from tytso:
Note: some people think this represents a security bug, since it
might make the system go away while it is printing a large number of
console messages, especially if a serial console is involved. Hence,
it has been assigned CVE-2008-3528, but it requires that the attacker
either has physical access to your machine to insert a USB disk with a
corrupted filesystem image (at which point why not just hit the power
button), or is otherwise able to convince the system administrator to
mount an arbitrary filesystem image (at which point why not just
include a setuid shell or world-writable hard disk device file or some
such). Me, I think they're just being silly.
