5.5
CVE-2008-3275
- EPSS 0.51%
- Veröffentlicht 12.08.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:31
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.25.15
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Suse ≫ Suse Linux Enterprise Desktop Version10 Updatesp1
Suse ≫ Suse Linux Enterprise Server Version10 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.393 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://secunia.com/advisories/33280
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/33201
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://secunia.com/advisories/32023
http://www.redhat.com/support/errata/RHSA-2008-0885.html
http://secunia.com/advisories/31551
http://www.debian.org/security/2008/dsa-1630
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
http://secunia.com/advisories/31836
http://secunia.com/advisories/32104
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://secunia.com/advisories/31614
https://usn.ubuntu.com/637-1/
http://secunia.com/advisories/31881
http://secunia.com/advisories/32190
http://www.debian.org/security/2008/dsa-1636
http://www.redhat.com/support/errata/RHSA-2008-0857.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15
http://lkml.org/lkml/2008/7/2/83
http://secunia.com/advisories/32344
http://secunia.com/advisories/33556
http://www.redhat.com/support/errata/RHSA-2009-0014.html
http://www.securityfocus.com/bid/30647
http://www.securitytracker.com/id?1020739
http://www.vupen.com/english/advisories/2008/2430
https://bugzilla.redhat.com/show_bug.cgi?id=457858
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551