oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request - kernel: xfs: stale data exposure

From: Josh Bressers <bressers () redhat com>
Date: Thu, 19 Aug 2010 15:34:24 -0400 (EDT)
Please use CVE-2010-2943

Thanks.

-- 
    JB


----- "Eugene Teo" <eugene () redhat com> wrote:


An issue was found in the XFS filehandle conversion where inodes that

are deleted may return as valid files as XFS does not verify the inode

numbers in the file handles, i.e. allowing access to deleted data.

The test program that demonstrates the issue via the open_by_handle 
interface can be found here: 
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html.

[PATCH 1/4] xfs: always use iget in bulkstat
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33770

[PATCH 2/4] xfs: validate untrusted inode numbers during lookup
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

This following patch is needed too to address a regression introduced
by 
the patches above:
http://oss.sgi.com/archives/xfs/2010-08/msg00179.html.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=624923

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i);
}
Previous By Date Next
Previous By Thread Next

Current thread: