Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Aug 2010 13:59:24 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request - kernel: xfs: stale data exposure

An issue was found in the XFS filehandle conversion where inodes that 
are deleted may return as valid files as XFS does not verify the inode 
numbers in the file handles, i.e. allowing access to deleted data.

The test program that demonstrates the issue via the open_by_handle 
interface can be found here: 
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html.

[PATCH 1/4] xfs: always use iget in bulkstat
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33770

[PATCH 2/4] xfs: validate untrusted inode numbers during lookup
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

This following patch is needed too to address a regression introduced by 
the patches above: http://oss.sgi.com/archives/xfs/2010-08/msg00179.html.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=624923

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.