CVE Database
CVE-2009-2908
| Impact: | Important (classification) |
| Public: | September 22 2009 |
| Bugzilla: | 527534: CVE-2009-2908 kernel ecryptfs NULL pointer dereference |
Details
The MITRE CVE dictionary describes this issue as:
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Find out more about CVE-2009-2908 from the MITRE CVE dictionary and NIST NVD.
Statement
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html
CVSS v2 metrics
| Base Score: | 7.2 | Base Metrics: | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector: | Local | Confidentiality Impact: | Complete |
| Access Complexity: | Low | Integrity Impact: | Complete |
| Authentication: | None | Availability Impact: | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
| Platform | Errata | Release Date |
| Red Hat Enterprise Linux version 5 (kernel) | RHSA-2009:1548 | November 03 2009 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Red Hat Security Response Team.
