Date: Tue, 21 Oct 2008 08:53:15 +0800 From: Eugene Teo <eteo@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2008-3528 Linux kernel ext directory corruption DoS Eugene Teo wrote: > The ext filesystem code fails to properly handle corrupted data > structures. With a mounted filesystem image or partition that have > corrupted dir->i_size and dir->i_blocks, a user performing either a read > or write operation on the mounted image or partition can lead to a > possible denial of service. > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=459577 > http://lkml.org/lkml/2008/9/13/98 > http://lkml.org/lkml/2008/9/13/99 > http://lkml.org/lkml/2008/9/17/371 > > The issue is not fixed upstream yet, but the patch has been added to -mm > tree. I will update this email as soon as I know the commit hashes. > This issue has been allocated with CVE-2008-3528. Upstream commits: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) bd39597cbd42a784105a04010100e27267481c67 (ext2) Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.