Gentoo Bug 158782 - Linux 2.6.x ISO9660 __find_get_block_slow() denial of service (CVE-2006-5757)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	158782
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	DUPLICATE of bug 155769
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Daniel Drake <dsd@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
1905_fs-buffers-infinite-loop.patch	patch	patch	Daniel Drake	2006-12-23 08:23 0000	1.92 KB	Details \| Diff
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 158782 depends on:			Show dependency tree
Bug 158782 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED DUPLICATE
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-12-21 18:39 0000

The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to
properly handle corrupted data structures, leading to an exploitable denial of
service condition. This particular vulnerability seems to be caused by a race
condition and a signedness issue. When performing a read operation on a
corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an
infinite loop when __find_get_block_slow() callback from sb_getblk() fails
("due to various races between file io on the block device and getblk").

------- Comment #1 From Daniel Drake 2006-12-23 08:23:33 0000 -------

Created an attachment (id=104638) [details]
patch

------- Comment #2 From Daniel Drake 2006-12-26 05:05:07 0000 -------

*** Bug 158789 has been marked as a duplicate of this bug. ***

------- Comment #3 From Daniel Drake 2006-12-26 12:20:30 0000 -------

Fixed in genpatches-2.6.18-8 (gentoo-sources-2.6.18-r6)

------- Comment #4 From Daniel Drake 2007-01-01 20:19:21 0000 -------


*** This bug has been marked as a duplicate of 155769 ***

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 158782

Linux 2.6.x ISO9660 __find_get_block_slow() denial of service (CVE-2006-5757)

Last modified: 2007-01-01 20:19:21 0000