Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-2908

Published: 13 October 2009

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.

Priority

Medium

Status

Package Release Status
linux-source-2.6.15
Launchpad, Ubuntu, Debian
upstream
Released (2.6.32~rc1)
dapper Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

linux
Launchpad, Ubuntu, Debian
upstream
Released (2.6.32~rc1)
dapper Does not exist

hardy
Released (2.6.24-25.63)
intrepid
Released (2.6.27-15.43)
jaunty
Released (2.6.28-16.55)
Patches:
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 9c2d2056647790c5034d722bd24e9d913ebca73c