Access Restriction Bypass in ocfs2-2.6.18-128.1.6.0.1.el5xen | CVE-2008-3528

Q: How to fix?

Upgrade Oracle:5 ocfs2-2.6.18-128.1.6.0.1.el5xen to version 0:1.2.9-1.el5 or higher. This issue was patched in ELSA-2009-0326 .

Threat Intelligence

0.12% (48^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ORACLE5-OCFS226181281601EL5XEN-2448727
published10 Apr 2022
disclosed27 Sept 2008

Report a new vulnerability Found a mistake?

Introduced: 27 Sep 2008

CVE-2008-3528 (opens in a new tab) CWE-264 (opens in a new tab)

How to fix?

Upgrade Oracle:5 ocfs2-2.6.18-128.1.6.0.1.el5xen to version 0:1.2.9-1.el5 or higher.
This issue was patched in ELSA-2009-0326.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ocfs2-2.6.18-128.1.6.0.1.el5xen package and not the ocfs2-2.6.18-128.1.6.0.1.el5xen package as distributed by Oracle. See How to fix? for Oracle:5 relevant fixed versions and status.

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

References

CVSS Scores

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Privileges Required (PR)
None
User Interaction (UI)
None

Scope (S)
Unchanged

Confidentiality (C)
None
Integrity (I)
None
Availability (A)
Low

Access Restriction Bypass Affecting ocfs2-2.6.18-128.1.6.0.1.el5xen package, versions <0:1.2.9-1.el5

Severity