National Cyber-Alert System

Vulnerability Summary for CVE-2008-4933

Overview

Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 32093

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/32093

External Source: XF

Name: linux-kernel-hfsplusfindcat-bo(46405)

Hyperlink:http://xforce.iss.net/xforce/xfdb/46405

External Source: UBUNTU

Name: USN-679-1

Hyperlink:http://www.ubuntu.com/usn/usn-679-1

External Source: REDHAT

Name: RHSA-2009:0014

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0014.html

External Source: MLIST

Name: [oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs

Hyperlink:http://www.openwall.com/lists/oss-security/2008/11/03/2

External Source: MANDRIVA

Name: MDVSA-2008:234

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:234

External Source: DEBIAN

Name: DSA-1687

Hyperlink:http://www.debian.org/security/2008/dsa-1687

External Source: DEBIAN

Name: DSA-1681

Hyperlink:http://www.debian.org/security/2008/dsa-1681

External Source: SECUNIA

Name: 33858

Hyperlink:http://secunia.com/advisories/33858

External Source: SECUNIA

Name: 33704

Hyperlink:http://secunia.com/advisories/33704

External Source: SECUNIA

Name: 33641

Hyperlink:http://secunia.com/advisories/33641

External Source: SECUNIA

Name: 33556

Hyperlink:http://secunia.com/advisories/33556

External Source: SECUNIA

Name: 33180

Hyperlink:http://secunia.com/advisories/33180

External Source: SECUNIA

Name: 32998

Hyperlink:http://secunia.com/advisories/32998

External Source: SECUNIA

Name: 32918

Hyperlink:http://secunia.com/advisories/32918

External Source: SECUNIA

Name: 32510

Type: Advisory

Hyperlink:http://secunia.com/advisories/32510

External Source: REDHAT

Name: RHSA-2009:0264

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-0264.html

External Source: SUSE

Name: SUSE-SA:2009:008

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html

External Source: SUSE

Name: SUSE-SA:2009:004

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html

External Source: CONFIRM

Name: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1

Hyperlink:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40