{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a \"negative dentry\" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-852-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"name": "38794", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38794"}, {"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"name": "kernel-ecryptfs-dos(53693)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693"}, {"name": "oval:org.mitre.oval:def:10216", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216"}, {"name": "37075", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37075"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ecryptfs/+bug/387073"}, {"name": "RHSA-2009:1548", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"}, {"name": "38834", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38834"}, {"name": "FEDORA-2009-10525", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"}, {"name": "oval:org.mitre.oval:def:6992", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992"}, {"name": "[oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/10/06/1"}, {"name": "36639", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36639"}, {"name": "37105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37105"}, {"name": "ADV-2010-0528", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0528"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.270Z"}, "title": "CVE Program Container", "references": [{"name": "USN-852-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"name": "38794", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38794"}, {"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"name": "kernel-ecryptfs-dos(53693)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693"}, {"name": "oval:org.mitre.oval:def:10216", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216"}, {"name": "37075", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37075"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ecryptfs/+bug/387073"}, {"name": "RHSA-2009:1548", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"}, {"name": "38834", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38834"}, {"name": "FEDORA-2009-10525", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"}, {"name": "oval:org.mitre.oval:def:6992", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992"}, {"name": "[oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/10/06/1"}, {"name": "36639", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36639"}, {"name": "37105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37105"}, {"name": "ADV-2010-0528", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0528"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2908", "datePublished": "2009-10-13T10:00:00", "dateReserved": "2009-08-20T00:00:00", "dateUpdated": "2024-08-07T06:07:37.270Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*", "matchCriteriaId": "C4033E0B-A3A1-4CC5-956A-AAA0FB905DDA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a \"negative dentry\" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount."}, {"lang": "es", "value": "La funci\u00f3n d_delete function en fs/ecryptfs/inode.c en eCryptfs en el kernel de Linux v2.6.31 permite a usuarios locales causar una denegaci\u00f3n de servicio (kernel OOPS) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados que causa una \"entrada negativa\" y ejecuta una deferencia a puntero NULL, como fue demostrado a trav\u00e9s del directorio temporal Mutt en eCryptifs."}], "id": "CVE-2009-2908", "lastModified": "2023-02-13T02:20:19.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-13T10:30:00.547", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136"}, {"source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37075"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37105"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38794"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38834"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/10/06/1"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36639"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0528"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ecryptfs/+bug/387073"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53693"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992"}, {"source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html", "lastModified": "2009-11-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1548", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-164.6.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-11-03T00:00:00Z"}], "bugzilla": {"description": "kernel ecryptfs NULL pointer dereference", "id": "527534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=527534"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-476", "details": ["The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a \"negative dentry\" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount."], "name": "CVE-2009-2908", "public_date": "2009-09-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2908\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2908"], "statement": "The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue.", "threat_severity": "Important"}