ID CVE-2009-0747
Summary The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
References
Vulnerable Configurations
  • Linux Kernel 2.6.27
    cpe:2.3:o:linux:linux_kernel:2.6.27
  • Linux Kernel 2.6.27 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc1
  • Linux Kernel 2.6.27 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc2
  • Linux Kernel 2.6.27 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc3
  • Linux Kernel 2.6.27 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc4
  • Linux Kernel 2.6.27 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc5
  • Linux Kernel 2.6.27 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc6
  • Linux Kernel 2.6.27 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc7
  • Linux Kernel 2.6.27 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc8
  • Linux Kernel 2.6.27 Release Candidate 9
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc9
  • Linux Kernel 2.6.27.1
    cpe:2.3:o:linux:linux_kernel:2.6.27.1
  • Linux Kernel 2.6.27.2
    cpe:2.3:o:linux:linux_kernel:2.6.27.2
  • Linux Kernel 2.6.27.3
    cpe:2.3:o:linux:linux_kernel:2.6.27.3
  • Linux Kernel 2.6.27.4
    cpe:2.3:o:linux:linux_kernel:2.6.27.4
  • Linux Kernel 2.6.27.5
    cpe:2.3:o:linux:linux_kernel:2.6.27.5
  • Linux Kernel 2.6.27.6
    cpe:2.3:o:linux:linux_kernel:2.6.27.6
  • Linux Kernel 2.6.27.7
    cpe:2.3:o:linux:linux_kernel:2.6.27.7
  • Linux Kernel 2.6.27.8
    cpe:2.3:o:linux:linux_kernel:2.6.27.8
  • Linux Kernel 2.6.27.9
    cpe:2.3:o:linux:linux_kernel:2.6.27.9
  • Linux Kernel 2.6.27.10
    cpe:2.3:o:linux:linux_kernel:2.6.27.10
  • Linux Kernel 2.6.27.11
    cpe:2.3:o:linux:linux_kernel:2.6.27.11
  • Linux Kernel 2.6.27.12
    cpe:2.3:o:linux:linux_kernel:2.6.27.12
  • Linux Kernel 2.6.27.13
    cpe:2.3:o:linux:linux_kernel:2.6.27.13
  • Linux Kernel 2.6.27.14
    cpe:2.3:o:linux:linux_kernel:2.6.27.14
  • Linux Kernel 2.6.27.15
    cpe:2.3:o:linux:linux_kernel:2.6.27.15
  • Linux Kernel 2.6.27.16
    cpe:2.3:o:linux:linux_kernel:2.6.27.16
  • Linux Kernel 2.6.27.17
    cpe:2.3:o:linux:linux_kernel:2.6.27.17
  • Linux Kernel 2.6.27.18
    cpe:2.3:o:linux:linux_kernel:2.6.27.18
  • Linux Kernel 2.6.28
    cpe:2.3:o:linux:linux_kernel:2.6.28
  • Linux Kernel 2.6.28 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc1
  • Linux Kernel 2.6.28 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc2
  • Linux Kernel 2.6.28 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc3
  • Linux Kernel 2.6.28 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc4
  • Linux Kernel 2.6.28 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc5
  • Linux Kernel 2.6.28 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc6
  • Linux Kernel 2.6.28 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc7
  • Linux Kernel 2.6.28.1
    cpe:2.3:o:linux:linux_kernel:2.6.28.1
  • Linux Kernel 2.6.28.2
    cpe:2.3:o:linux:linux_kernel:2.6.28.2
  • Linux Kernel 2.6.28.3
    cpe:2.3:o:linux:linux_kernel:2.6.28.3
  • Linux Kernel 2.6.28.4
    cpe:2.3:o:linux:linux_kernel:2.6.28.4
  • Linux Kernel 2.6.28.5
    cpe:2.3:o:linux:linux_kernel:2.6.28.5
  • Linux Kernel 2.6.28.6
    cpe:2.3:o:linux:linux_kernel:2.6.28.6
CVSS
Base: 4.9 (as of 02-03-2009 - 11:49)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2013-0039.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79507
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79507
    title OracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89117
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89117
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0016.NASL
    description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 42870
    published 2009-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42870
    title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1243.NASL
    description Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important) * a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) * a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system. (CVE-2009-0745, Low) * multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 40835
    published 2009-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40835
    title RHEL 5 : kernel (RHSA-2009:1243)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-751-1.NASL
    description NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307) Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107) In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028) The kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service. (CVE-2009-0031) The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065) The eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write-access to an eCryptfs filesystem could cause a system crash, leading to a denial of service. (CVE-2009-0269) The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322) The page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605) Network interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675) The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676) The ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745) The ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748) The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835) The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859) The virtual consoles did not correctly handle certain UTF-8 sequences. A local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service. (CVE-2009-1046). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37337
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37337
    title Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1243.NASL
    description Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important) * a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) * a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system. (CVE-2009-0745, Low) * multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43779
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43779
    title CentOS 5 : kernel (CESA-2009:1243)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1749.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users. - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption). - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry. - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation. - CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem. - CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem. - CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35987
    published 2009-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35987
    title Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak
oval via4
  • accepted 2014-01-20T04:01:40.485-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
    family unix
    id oval:org.mitre.oval:def:8585
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware kernel ext4_isize function vulnerability
    version 7
  • accepted 2013-04-29T04:18:28.295-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
    family unix
    id oval:org.mitre.oval:def:9200
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
    version 18
redhat via4
advisories
rhsa
id RHSA-2009:1243
rpms
  • kernel-0:2.6.18-164.el5
  • kernel-PAE-0:2.6.18-164.el5
  • kernel-PAE-devel-0:2.6.18-164.el5
  • kernel-debug-0:2.6.18-164.el5
  • kernel-debug-devel-0:2.6.18-164.el5
  • kernel-devel-0:2.6.18-164.el5
  • kernel-doc-0:2.6.18-164.el5
  • kernel-headers-0:2.6.18-164.el5
  • kernel-kdump-0:2.6.18-164.el5
  • kernel-kdump-devel-0:2.6.18-164.el5
  • kernel-xen-0:2.6.18-164.el5
  • kernel-xen-devel-0:2.6.18-164.el5
refmap via4
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
debian DSA-1749
secunia
  • 34394
  • 36562
  • 37471
ubuntu USN-751-1
vupen
  • ADV-2009-0509
  • ADV-2009-3316
statements via4
contributor Tomas Hoger
lastmodified 2009-09-02
organization Red Hat
statement This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html
Last major update 22-01-2013 - 23:13
Published 27-02-2009 - 12:30
Last modified 10-10-2018 - 15:30
Back to Top