Vulnerability CVE-2009-0745

Vulnerability Name:

CVE-2009-0745 (CCN-49073)

Assigned:

2009-01-11

Published:

2009-01-11

Updated:

2018-10-10

Summary:

The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Kernel Bug Tracker Bug 12433
Oops while resizing an ext4 LVM2 volume

Source: CONFIRM
Type: UNKNOWN
http://bugzilla.kernel.org/show_bug.cgi?id=12433

Source: MITRE
Type: CNA
CVE-2009-0745

Source: CCN
Type: Linux Kernel GIT Repository
ext4: Initialize the new group descriptor when resizing the filesystem

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412

Source: CCN
Type: The Linux Kernel Archives Web site
ChangeLog-2.6.27.19

Source: CONFIRM
Type: UNKNOWN
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19

Source: CONFIRM
Type: UNKNOWN
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7

Source: CCN
Type: RHSA-2009-1243
Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1243

Source: SECUNIA
Type: UNKNOWN
34394

Source: SECUNIA
Type: UNKNOWN
34981

Source: SECUNIA
Type: UNKNOWN
36562

Source: SECUNIA
Type: UNKNOWN
37471

Source: DEBIAN
Type: UNKNOWN
DSA-1749

Source: DEBIAN
Type: UNKNOWN
DSA-1787

Source: DEBIAN
Type: DSA-1749
linux-2.6 -- denial of service/privilege escalation/sensitive memory leak

Source: DEBIAN
Type: DSA-1787
linux-2.6.24 -- denial of service/privilege escalation/information leak

Source: BUGTRAQ
Type: UNKNOWN
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: CCN
Type: USN-751-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-751-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: Vendor Advisory
ADV-2009-0509

Source: VUPEN
Type: UNKNOWN
ADV-2009-3316

Source: XF
Type: UNKNOWN
linux-kernel-ext4-resize-dos(49073)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10942

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7765

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.27:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.27:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc8:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc7:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc9:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc7:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:29153	P	RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important)	2015-08-17
oval:org.mitre.oval:def:12994	P	USN-751-1 -- linux, linux-source-2.6.22 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13503	P	DSA-1749-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak	2014-06-23
oval:org.mitre.oval:def:8381	P	DSA-1749 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak	2014-06-23
oval:org.mitre.oval:def:13537	P	DSA-1787-1 linux-2.6.24 -- denial of service/privilege escalation/information leak	2014-06-23
oval:org.mitre.oval:def:21973	P	ELSA-2009:1243: Oracle Linux 5.x.4 kernel security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:7765	V	VMware kernel ext4_group_add function vulnerability	2014-01-20
oval:org.mitre.oval:def:10942	V	The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.	2013-04-29
oval:com.redhat.rhsa:def:20091243	P	RHSA-2009:1243: Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important)	2009-09-02
oval:org.debian:def:1787	V	denial of service/privilege escalation/information leak	2009-05-02
oval:org.debian:def:1749	V	denial of service/privilege escalation/sensitive memory leak	2009-03-20

BACK