Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 288014 (CVE-2009-2908) - Kernel: eCryptfs: Prevent lower dentry from going negative during unlink (CVE-2009-2908)
Summary: Kernel: eCryptfs: Prevent lower dentry from going negative during unlink (CVE...
Status: RESOLVED FIXED
Alias: CVE-2009-2908
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.27.37] [linux >=2.6.28 <2...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-10-07 07:01 UTC by Bjoern Tropf (RETIRED)
Modified: 2013-09-15 18:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bjoern Tropf (RETIRED) gentoo-dev 2009-10-07 07:01:31 UTC 
Cve assigned but not yet released.
Comment 1 Bjoern Tropf (RETIRED) gentoo-dev 2009-10-15 07:56:13 UTC 
CVE-2009-2908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2908):

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-20 22:03:22 UTC 
CVE-2009-2908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2908):
  The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux
  kernel 2.6.31 allows local users to cause a denial of service (kernel
  OOPS) and possibly execute arbitrary code via unspecified vectors
  that cause a "negative dentry" and trigger a NULL pointer
  dereference, as demonstrated via a Mutt temporary directory in an
  eCryptfs mount.