National Cyber-Alert System

Vulnerability Summary for CVE-2008-4934

Overview

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 32096

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/32096

External Source: REDHAT

Name: RHSA-2009:0014

Type: Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0014.html

External Source: DEBIAN

Name: DSA-1687

Type: Patch Information

Hyperlink:http://www.debian.org/security/2008/dsa-1687

External Source: DEBIAN

Name: DSA-1681

Type: Patch Information

Hyperlink:http://www.debian.org/security/2008/dsa-1681

External Source: REDHAT

Name: RHSA-2009:0264

Type: Patch Information

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-0264.html

External Source: XF

Name: linux-kernel-hfsplus-dos(46327)

Hyperlink:http://xforce.iss.net/xforce/xfdb/46327

External Source: UBUNTU

Name: USN-679-1

Hyperlink:http://www.ubuntu.com/usn/usn-679-1

External Source: MLIST

Name: [oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs

Hyperlink:http://www.openwall.com/lists/oss-security/2008/11/03/2

External Source: MANDRIVA

Name: MDVSA-2008:234

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:234

External Source: SECUNIA

Name: 33858

Type: Advisory

Hyperlink:http://secunia.com/advisories/33858

External Source: SECUNIA

Name: 33556

Type: Advisory

Hyperlink:http://secunia.com/advisories/33556

External Source: SECUNIA

Name: 33180

Type: Advisory

Hyperlink:http://secunia.com/advisories/33180

External Source: SECUNIA

Name: 32998

Type: Advisory

Hyperlink:http://secunia.com/advisories/32998

External Source: SECUNIA

Name: 32918

Type: Advisory

Hyperlink:http://secunia.com/advisories/32918

External Source: SECUNIA

Name: 32510

Type: Advisory

Hyperlink:http://secunia.com/advisories/32510

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=649f1ee6c705aab644035a7998d7b574193a598a

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=649f1ee6c705aab644035a7998d7b574193a598a