Vulnerabilities > CVE-2009-4307 - Numeric Errors vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).

Vulnerable Configurations

Part Description Count
OS
Linux
1110

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121113_KERNEL_ON_SL5_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that a previous update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) This update also fixes several bugs. The system must be rebooted for this update to take effect.
    last seen2020-03-18
    modified2012-11-15
    plugin id62924
    published2012-11-15
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62924
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121113)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0380.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important) * a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important) * a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic (denial of service). (CVE-2010-0727, Moderate) * a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low) Bug fixes : * if a program that calls posix_fadvise() were compiled on x86, and then run on a 64-bit system, that program could experience various problems, including performance issues and the call to posix_fadvise() failing, causing the program to not run as expected or even abort. With this update, when such programs attempt to call posix_fadvise() on 64-bit systems, sys32_fadvise64() is called instead, which resolves this issue. This update also fixes other 32-bit system calls that were mistakenly called on 64-bit systems (including systems running the kernel-xen kernel). (BZ#569597) * on some systems able to set a P-State limit via the BIOS, it was not possible to set the limit to a higher frequency if the system was rebooted while a low limit was set:
    last seen2020-06-01
    modified2020-06-02
    plugin id63932
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63932
    titleRHEL 5 : kernel (RHSA-2010:0380)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1445.NASL
    descriptionUpdated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62920
    published2012-11-15
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62920
    titleCentOS 5 : kernel (CESA-2012:1445)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id79507
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79507
    titleOracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100108.NASL
    descriptionIndications Everyone using the Linux Kernel on x86_64 architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id44037
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44037
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1445-1.NASL
    descriptionFrom Red Hat Security Advisory 2012:1445 : Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68653
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/68653
    titleOracle Linux 5 : kernel (ELSA-2012-1445-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_KERNEL-091218.NASL
    descriptionThe Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 to fix the following bugs and security issues : - A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root. (CVE-2009-4131) - A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine. (CVE-2009-1298) - The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous
    last seen2020-06-01
    modified2020-06-02
    plugin id43631
    published2010-01-05
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43631
    titleSuSE 11.2 Security Update: kernel (2009-12-18)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0178.NASL
    descriptionUpdated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important) * a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate) * a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id46282
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46282
    titleRHEL 5 : kernel (RHSA-2010:0178)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2012-0042.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix bug number for commit
    last seen2020-06-01
    modified2020-06-02
    plugin id79484
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79484
    titleOracleVM 3.1 : kernel-uek (OVMSA-2012-0042)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121218_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - It was found that a previous update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) - A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-03-18
    modified2012-12-20
    plugin id63313
    published2012-12-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63313
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121218)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1445.NASL
    descriptionFrom Red Hat Security Advisory 2012:1445 : Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68654
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68654
    titleOracle Linux 5 : kernel (ELSA-2012-1445)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1445.NASL
    descriptionUpdated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id62916
    published2012-11-14
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62916
    titleRHEL 5 : kernel (RHSA-2012:1445)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100109.NASL
    descriptionIndications Everyone using the Linux Kernel on s390x architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id52685
    published2011-03-17
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52685
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Number 1753)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-148.NASL
    descriptionA malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375 , Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id69707
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69707
    titleAmazon Linux AMI : kernel / nvidia (ALAS-2013-148)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1580.NASL
    descriptionUpdated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id63305
    published2012-12-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63305
    titleCentOS 6 : kernel (CESA-2012:1580)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1580.NASL
    descriptionFrom Red Hat Security Advisory 2012:1580 : Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id68666
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68666
    titleOracle Linux 6 : kernel (ELSA-2012-1580)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2443.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4307 Nageswara R Sastry reported an issue in the ext4 filesystem. Local users with the privileges to mount a filesystem can cause a denial of service (BUG) by providing a s_log_groups_per_flex value greater than 31. - CVE-2011-1833 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information leak in the eCryptfs filesystem. Local users were able to mount arbitrary directories. - CVE-2011-4347 Sasha Levin reported an issue in the device assignment functionality in KVM. Local users with permission to access /dev/kvm could assign unused pci devices to a guest and cause a denial of service (crash). - CVE-2012-0045 Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest running on a 64-bit system can crash the guest with a syscall instruction. - CVE-2012-1090 CAI Qian reported an issue in the CIFS filesystem. A reference count leak can occur during the lookup of special files, resulting in a denial of service (oops) on umount. - CVE-2012-1097 H. Peter Anvin reported an issue in the regset infrastructure. Local users can cause a denial of service (NULL pointer dereference) by triggering the write methods of readonly regsets.
    last seen2020-03-17
    modified2012-03-27
    plugin id58486
    published2012-03-27
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58486
    titleDebian DSA-2443-1 : linux-2.6 - privilege escalation/denial of service
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1580.NASL
    descriptionUpdated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id63292
    published2012-12-19
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63292
    titleRHEL 6 : kernel (RHSA-2012:1580)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_KERNEL-100107.NASL
    descriptionThe openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. CVE-2009-4005: The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver was fixed. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. For a complete list of changes, please look at the RPM changelog.
    last seen2020-06-01
    modified2020-06-02
    plugin id44034
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44034
    titleopenSUSE Security Update : kernel (kernel-1749)

Oval

accepted2013-04-29T04:22:57.963-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
familyunix
idoval:org.mitre.oval:def:9874
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
version18

Redhat

advisories
rhsa
idRHSA-2010:0380
rpms
  • kernel-0:2.6.18-194.el5
  • kernel-PAE-0:2.6.18-194.el5
  • kernel-PAE-debuginfo-0:2.6.18-194.el5
  • kernel-PAE-devel-0:2.6.18-194.el5
  • kernel-debug-0:2.6.18-194.el5
  • kernel-debug-debuginfo-0:2.6.18-194.el5
  • kernel-debug-devel-0:2.6.18-194.el5
  • kernel-debuginfo-0:2.6.18-194.el5
  • kernel-debuginfo-common-0:2.6.18-194.el5
  • kernel-devel-0:2.6.18-194.el5
  • kernel-doc-0:2.6.18-194.el5
  • kernel-headers-0:2.6.18-194.el5
  • kernel-kdump-0:2.6.18-194.el5
  • kernel-kdump-debuginfo-0:2.6.18-194.el5
  • kernel-kdump-devel-0:2.6.18-194.el5
  • kernel-xen-0:2.6.18-194.el5
  • kernel-xen-debuginfo-0:2.6.18-194.el5
  • kernel-xen-devel-0:2.6.18-194.el5
  • kernel-0:2.6.18-164.17.1.el5
  • kernel-PAE-0:2.6.18-164.17.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-164.17.1.el5
  • kernel-PAE-devel-0:2.6.18-164.17.1.el5
  • kernel-debug-0:2.6.18-164.17.1.el5
  • kernel-debug-debuginfo-0:2.6.18-164.17.1.el5
  • kernel-debug-devel-0:2.6.18-164.17.1.el5
  • kernel-debuginfo-0:2.6.18-164.17.1.el5
  • kernel-debuginfo-common-0:2.6.18-164.17.1.el5
  • kernel-devel-0:2.6.18-164.17.1.el5
  • kernel-doc-0:2.6.18-164.17.1.el5
  • kernel-headers-0:2.6.18-164.17.1.el5
  • kernel-kdump-0:2.6.18-164.17.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-164.17.1.el5
  • kernel-kdump-devel-0:2.6.18-164.17.1.el5
  • kernel-xen-0:2.6.18-164.17.1.el5
  • kernel-xen-debuginfo-0:2.6.18-164.17.1.el5
  • kernel-xen-devel-0:2.6.18-164.17.1.el5

Seebug

bulletinFamilyexploit
descriptionCVE ID: CVE-2009-4307 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的ext4子系统fs/ext4/super.c文件中的ext4_fill_flex_info函数中存在拒绝服务漏洞。如果用户所加载的 ext4文件系统中的超级块带有超大的FLEX_BG组大小(也称为s_log_groups_per_flex值),groups_per_flex就会溢出,导致0除数错误,系统可能会崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=503358ae01b70ce6909d19dd01287093f6b6271c
idSSV:15185
last seen2017-11-19
modified2010-01-06
published2010-01-06
reporterRoot
titleLinux Kernel ext4_fill_flex_info函数拒绝服务漏洞

Statements

contributorTomas Hoger
lastmodified2009-12-15
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4307 The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue. A future kernel update for Red Hat Enterprise Linux 5 will address this flaw.