CVE-2009-4131
Published 2009-12-13
Priority P4 · 33 · high · CVSS 2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.79% (51.6th percentile)
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
Affected
324 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.32 | — |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_ubuntu · 7.8 HIGH
vendor_redhat · 7.2 HIGH
Red Hat
kernel: ext4: BUG_ON() via EXT4_IOC_MOVE_EXT ioctl
vendor_redhat·2009-12-14·CVSS 7.2
CVE-2009-4306 [HIGH] kernel: ext4: BUG_ON() via EXT4_IOC_MOVE_EXT ioctl
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-12-10·CVSS 7.8
CVE-2009-4131 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
David Ford discovered that the IPv4 defragmentation routine did not
correctly handle oversized packets. A remote attacker could send
specially crafted traffic that would cause a system to crash, leading
to a denial of service. (The fix was included in the earlier kernels
from USN-864-1.) (CVE-2009-1298)
Akira Fujita discovered that the Ext4 "move extents" ioctl did not
correctly check permissions. A local attacker could exploit this to
overwrite arbitrary files on the system, leading to root privilege
escalation. (CVE-2009-4131)
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Red Hat
kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
vendor_redhat·2009-12-09·CVSS 7.2
CVE-2009-4131 [HIGH] CWE-863 kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability.
GHSA
GHSA-w5q9-4w6f-xc45: The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2
ghsa_unreviewed·2022-05-02
CVE-2009-4131 [HIGH] GHSA-w5q9-4w6f-xc45: The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
GHSA
GHSA-v4mc-9j94-j2cf: Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2
ghsa_unreviewed·2022-05-02·CVSS 7.2
CVE-2009-4306 [HIGH] GHSA-v4mc-9j94-j2cf: Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.
No detection rules found.
Bugzilla
CVE-2009-4306 kernel: ext4: BUG_ON() via EXT4_IOC_MOVE_EXT ioctl
bugzilla·2009-12-14·CVSS 7.2
CVE-2009-4306 [HIGH] CVE-2009-4306 kernel: ext4: BUG_ON() via EXT4_IOC_MOVE_EXT ioctl
Description of problem:
Name: CVE-2009-4306
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4306
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20091212
Category:
Reference: MISC:http://grsecurity.org/test/grsecurity-2.1.14-2.6.32-200912112157.patch
Reference: MISC:http://twitter.com/fotisl/statuses/6568947714
Reference: MISC:http://twitter.com/spendergrsec/statuses/6551797457
Reference: MISC:http://twitter.com/spendergrsec/statuses/6567167692
Reference: MISC:http://twitter.com/spendergrsec/statuses/6569596339
Reference: MISC:http://twitter.com/spendergrsec/statuses/6572069107
Reference: MISC:http://twitter.com/spendergrsec/statuses/6583954567
Reference: MISC:http://twitter.com/
Bugzilla
CVE-2009-4131 kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
bugzilla·2009-12-04·CVSS 7.2
CVE-2009-4131 [HIGH] CVE-2009-4131 kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
Description of problem:
From 910123ba363623f15ffb5d05dd87bdf06d08c609 Mon Sep 17 00:00:00 2001
From: Akira Fujita
Date: Sun, 6 Dec 2009 23:38:31 -0500
Subject: [PATCH] ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
This patch fixes three problems in the handling of the
EXT4_IOC_MOVE_EXT ioctl:
1. In current EXT4_IOC_MOVE_EXT, there are read access mode checks for
original and donor files, but they allow the illegal write access to
donor file, since donor file is overwritten by original file data. To
fix this problem, change access mode checks of original (r->r/w) and
donor (r->w) files.
2. Disallow the use of donor files that have a setuid or setgid bits.
3. Call mnt_want_write() and mnt_drop_write() before
References
http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git%3Ba=commit%3Bh=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://lkml.org/lkml/2009/12/9/255
http://secunia.com/advisories/37658
http://secunia.com/advisories/37686
http://secunia.com/advisories/38017
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
http://www.securityfocus.com/bid/37277
http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/
http://www.ubuntu.com/usn/USN-869-1
http://www.vupen.com/english/advisories/2009/3468
https://bugzilla.redhat.com/show_bug.cgi?id=544471
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00702.html