National Cyber Awareness System
Vulnerability Summary for CVE-2008-5025
Original release date: 11/17/2008
Last revised: 10/31/2012
Source: US-CERT/NIST
Overview
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
Impact
CVSS Severity (version 2.0):
Impact Subscore: 6.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
**NOTE: Access Complexity scored Low due to insufficient information
Authentication: Not required to exploit
Impact Type: Allows disruption of service; Unknown
References to Advisories, Solutions, and Tools
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=470769
External Source: XF
Name: linux-kernel-hfscatfindbrec-bo(46605)
External Source: UBUNTU
Name: USN-679-1
External Source: SECTRACK
Name: 1021230
External Source: BID
Name: 32289
External Source: REDHAT
Name: RHSA-2009:0014
External Source: MANDRIVA
Name: MDVSA-2008:246
External Source: DEBIAN
Name: DSA-1687
External Source: DEBIAN
Name: DSA-1681
External Source: SECUNIA
Name: 33858
External Source: SECUNIA
Name: 33704
External Source: SECUNIA
Name: 33641
External Source: SECUNIA
Name: 33556
External Source: SECUNIA
Name: 33180
External Source: SECUNIA
Name: 32998
External Source: SECUNIA
Name: 32918
External Source: SECUNIA
Name: 32719
External Source: REDHAT
Name: RHSA-2009:0264
External Source: OVAL
Name: oval:org.mitre.oval:def:10470
External Source: OSVDB
Name: 49863
External Source: MLIST
Name: [oss-security] 20081111 Re: CVE requests: kernel: hfsplus-related bugs
External Source: MLIST
Name: [oss-security] 20081110 Re: CVE requests: kernel: hfsplus-related bugs
External Source: SUSE
Name: SUSE-SA:2009:008
External Source: SUSE
Name: SUSE-SA:2009:004
External Source: CONFIRM
Name: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=d38b7aa7fc3371b52d036748028db50b585ade2e
References to Check Content
Identifier: oval:org.mitre.oval:def:10470
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5