Description: Carl-Daniel Hailfinger has reported a vulnerability in the Linux kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to missing "printk()" rate limitations in the "ntfs_warning()" and "ntfs_error()" functions within the NTFS functionality when compiled without debugging.
Solution: The vulnerability has been fixed in version 2.6.11-rc3.
http://kernel.org/
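The control the description says is missing is a limit on how often a message helper may write to the log. The following is an added example, not code from this bug report or from the kernel patch: a userspace C model of a burst-per-interval limiter placed in front of a warning helper. The names `struct ratelimit`, `ratelimit_ok`, `fs_warning` and `simulate`, and the 5000-tick / 10-message settings, are assumptions chosen for illustration.

```c
#include <stdio.h>
/* Userspace model; all names are hypothetical, this is not kernel code. */
struct ratelimit {
    unsigned long interval; /* window length in ticks */
    unsigned int burst;     /* messages allowed per window */
    unsigned long begin;    /* tick at which the current window opened */
    unsigned int printed;   /* messages emitted in the current window */
    unsigned long missed;   /* total messages suppressed so far */
};

/* Return 1 if a message may be emitted at tick `now`, 0 if it is dropped. */
static int ratelimit_ok(struct ratelimit *rl, unsigned long now)
{
    if (now - rl->begin >= rl->interval) { /* window expired, open a new one */
        rl->begin = now;
        rl->printed = 0;
    }
    if (rl->printed < rl->burst) {
        rl->printed++;
        return 1;
    }
    rl->missed++;
    return 0;
}

/* Stand-in for a warning helper: the limiter is checked before any output. */
static int fs_warning(struct ratelimit *rl, unsigned long now, const char *msg)
{
    if (!ratelimit_ok(rl, now))
        return 0;
    fprintf(stderr, "fs warning (tick %lu): %s\n", now, msg);
    return 1;
}

/* Constructed workload: one warning per tick. Returns lines that were logged. */
static unsigned long simulate(struct ratelimit *rl, unsigned long ticks)
{
    unsigned long t, emitted = 0;
    for (t = 0; t < ticks; t++)
        emitted += fs_warning(rl, t, "constructed sample message");
    return emitted;
}

int main(void)
{
    struct ratelimit rl = { 5000, 10, 0, 0, 0 };
    unsigned long n = simulate(&rl, 10000);
    printf("emitted=%lu suppressed=%lu\n", n, rl.missed);
}
```

With these settings, 10000 back-to-back warnings produce 20 log lines; the suppressed count is kept so the drop itself can be reported.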
Created attachment 51299: Patch (2.6)
Created attachment 51543: Patch (2.4)
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
gentoo-dev-sources unaffected
2.4.29 does not appear to have an ntfs/debug.c
CCing maintainers; *NOTE*: If your 2.4 series kernel does not have an fs/ntfs/debug.c there is no need to patch it but please state so on this bug. 2.6 kernels < 2.6.11 all need patching.
hardened(-dev)-sources: Adding hardened herd...
hppa-sources: Adding GMSoft...
mips-sources: Adding Kumba...
openmosix-sources: Adding cluster...
pegasos-sources: Adding dholm...
rsbac-sources: Adding kang...
rsbac-sources wasn't affected
pegasos-sources fixed
mips-sources fixed.
All fixed, closing bug.
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=062775e869f64212e5cba6b0a41b77ccdd1fdcd1