CVE-2009-0747 – kernel: ext4: ext4_isize() denial of service
https://notcve.org/view.php?id=CVE-2009-0747
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. La función ext4_isize en fs/ext4/ext4.h del kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 utiliza el componente de la estructura i_size_high sobre tipos de ficheros de su elección, lo que permite a usuarios locales provocar una denegación de servicio (consumo de CPU y la inundación de mensajes de error) por tratar de montar un sistema de archivos ext4 manipulado. • http://bugzilla.kernel.org/show_bug.cgi?id=12375 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=06a279d636734da32bb62dd2f7b0ade666f65d7c http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/34394 http://secunia.com/advisories/36562 http://secunia.com/advisories/37471 http://www.debian.or • CWE-399: Resource Management Errors •
CVE-2009-0748 – kernel: ext4: ext4_fill_super() missing validation issue
https://notcve.org/view.php?id=CVE-2009-0748
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. La superfunción ext4_fill_super en fs/ext4/super.c del kernel Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no valida la configuración de superbloque, lo que permite a usuarios locales provocar una denegación de servicio (un puntero de referencia NULL y OOPS) mediante el intento de montar un sistema de ficheros ext4 manipulado. • http://bugzilla.kernel.org/show_bug.cgi?id=12371 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ec110281379826c5cf6ed14735e47027c3c5765 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 http://osvdb.org/52203 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/34394 http://secunia.com/advisories/36562 http://secunia.com/advisories/37 • CWE-20: Improper Input Validation •
CVE-2009-0746 – Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-0746
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. La función make_indexed_dir en fs/ext4/namei.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no valida el campo rec_len, lo que permite a usuarios locales provocar una denegación de servicio (OOPS ) por tratar de montar un sistema de archivos ext4 manipulado. • https://www.exploit-db.com/exploits/32775 http://bugzilla.kernel.org/show_bug.cgi?id=12430 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 http://osvdb.org/52202 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/34394 http://secunia.com/advi • CWE-20: Improper Input Validation •
CVE-2009-0745 – kernel: ext4: ext4_group_add() missing initialisation issue
https://notcve.org/view.php?id=CVE-2009-0745
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. La función ext4_group_add en fs/ext4/resize.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no inicializa de forma adecuada el descriptor de grupo durante una operación de cambio de tamaño (también conocido como resize2fs), que podría permitir a los usuarios locales, provocar una denegación de servicio (OOPS) organizando valores manipulados, para estar en la memoria disponible. • http://bugzilla.kernel.org/show_bug.cgi?id=12433 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/34394 http://secunia.com/advisories/34981 http://secunia.com/advisories/36562 http://secunia.com/ • CWE-20: Improper Input Validation •
CVE-2009-0675 – kernel: skfp_ioctl inverted logic flaw
https://notcve.org/view.php?id=CVE-2009-0675
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. La funcion skfp_ioctl en drivers/net/skfp/skfddi.c en el kernel de Linux anterior a v2.6.28.6 permite peticiones SKFP_CLR_STATS solo cuando la capacidad CAP_NET_ADMIN esta ausente, en cambio cuando esta capacidad esta presente, lo que permite a usuarios locales borrar las estadísticas de driver, relacionado con el hecho "lógica inversa". • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c25b9abbc2c2c0da88e180c3933d6e773245815a http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.openwall.net/netdev/2009/01/28/90 http://openwall.com/lists/oss-security/2009/02/20/2 http://secunia.com/advisories/33758 http://secunia.com/advisories/33938 http://secunia.com/advisories/34394 http://secunia.com/advisories/34502 http://secunia.com/advisories/34680 http:/ • CWE-264: Permissions, Privileges, and Access Controls •