CVE-2008-5025 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5025
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5025

Description: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-679-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html SAID Secunia Advisory: SA32918 Secunia Advisory: SA33180 Secunia Advisory: SA32998 Secunia Advisory: SA33641 Secunia Advisory: SA33704 Secunia Advisory: SA33556 Secunia Advisory: SA33858 REDHAT http://rhn.redhat.com/errata/RHSA-2009-0264.html http://www.redhat.com/support/errata/RHSA-2009-0014.html MLIST http://openwall.com/lists/oss-security/2008/11/11/1 http://openwall.com/lists/oss-security/2008/11/11/12 http://openwall.com/lists/oss-security/2008/11/10/7 http://openwall.com/lists/oss-security/2008/11/10/6 http://openwall.com/lists/oss-security/2008/11/10/3 http://openwall.com/lists/oss-security/2008/11/10/1 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:246 DEBIAN http://www.debian.org/security/2008/dsa-1681 http://www.debian.org/security/2008/dsa-1687 CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=d38b7aa7fc3371b52d036748028db50b585ade2e

Return to the previous page.