CVE-2008-3275

Linux kernel local filesystem DoS

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

Las funciones (1) real_lookup y (2) __lookup_hash en el archivo fs/namei.c en la implementación de vfs en el kernel de Linux anterior a versión 2.6.25.15 no previene la creación de una matriz de elementos secundarios para un directorio eliminado (también se conoce como S_DEAD), que permite a los usuarios locales causar una denegación de servicio ("overflow" del área huérfana UBIFS) por medio de una serie de intentos de creación de archivos sin eliminar los directorios.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-07-24 CVE Reserved
2008-08-12 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (33)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77	X_refsource_confirm
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15	Broken Link
http://secunia.com/advisories/31551	Broken Link
http://secunia.com/advisories/31614	Broken Link
http://secunia.com/advisories/31836	Broken Link
http://secunia.com/advisories/31881	Broken Link
http://secunia.com/advisories/32023	Broken Link
http://secunia.com/advisories/32104	Broken Link
http://secunia.com/advisories/32190	Broken Link
http://secunia.com/advisories/32344	Broken Link
http://secunia.com/advisories/33201	Broken Link
http://secunia.com/advisories/33280	Broken Link
http://secunia.com/advisories/33556	Broken Link
http://www.securitytracker.com/id?1020739	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2430	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551	Signature

URL	Date	SRC
http://lkml.org/lkml/2008/7/2/83	2024-08-07

URL	Date	SRC
http://www.debian.org/security/2008/dsa-1630	2023-02-13
http://www.debian.org/security/2008/dsa-1636	2023-02-13
http://www.securityfocus.com/bid/30647	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=457858	2009-01-14

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0787.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0857.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0885.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0973.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0014.html	2023-02-13
https://usn.ubuntu.com/637-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2008-3275	2009-01-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.25.15 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.25.15"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Desktop Search vendor "Suse" for product "Suse Linux Enterprise Desktop"				10 Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "10"		sp1		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				10 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "10"		sp1		Affected