81106 – Kernel: sys-kernel/*: NTFS Unspecified Denial of Service (GENERIC-MAP-NOMATCH)

Bug 81106 - Kernel: sys-kernel/*: NTFS Unspecified Denial of Service (GENERIC-MAP-NOMATCH)

Summary: Kernel: sys-kernel/*: NTFS Unspecified Denial of Service (GENERIC-MAP-NOMATCH)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux < 2.6.11]
Keywords:

Depends on:
Blocks:

Reported:	2005-02-07 06:00 UTC by Jean-François Brunette (RETIRED)
Modified:	2009-07-12 19:46 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch (2.6) (81106.patch,826 bytes, patch) 2005-02-15 12:41 UTC, Tim Yamin (RETIRED)	no flags	Details \| Diff
Patch (2.4) (81106-2.4.patch,2.19 KB, patch) 2005-02-18 11:58 UTC, Tim Yamin (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-02-07 06:00:57 UTC

Description:
Carl-Daniel Hailfinger has reported a vulnerability in the Linux kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to missing "printk()" rate limitations in the "ntfs_warning()" and "ntfs_error()" functions within the NTFS functionality when compiled without debugging.

Solution:
The vulnerability has been fixed in version 2.6.11-rc3.
http://kernel.org/

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-02-15 12:41:04 UTC

Created attachment 51299 [details, diff]
Patch (2.6)

Comment 2 Tim Yamin (RETIRED) gentoo-dev

2005-02-18 11:58:25 UTC

Created attachment 51543 [details, diff]
Patch (2.4)

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-03-16 03:16:41 UTC

Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

Comment 4 Daniel Drake (RETIRED) gentoo-dev

2005-03-16 05:52:52 UTC

gentoo-dev-sources unaffected

Comment 5 solar (RETIRED) gentoo-dev

2005-03-16 08:08:14 UTC

2.4.29 does not appear to have a ntfs/debug.c

Comment 6 Tim Yamin (RETIRED) gentoo-dev

2005-04-07 05:23:26 UTC

CCing maintainers; *NOTE*: If your 2.4 series kernel does not have an fs/ntfs/debug.c there is no need to patch it but please state so on this bug. 2.6 kernels < 2.6.11 all need patching.

hardened(-dev)-sources: Adding hardened herd...
hppa-sources: Adding GMSoft...
mips-sources: Adding Kumba...
openmosix-sources: Adding cluster...
pegasos-sources: Adding dholm...
rsbac-sources: Adding kang...

Comment 7 Guillaume Destuynder (RETIRED) gentoo-dev

2005-04-08 02:40:07 UTC

rsbac-sources wasn't affected

Comment 8 David Holm (RETIRED) gentoo-dev

2005-04-14 03:34:11 UTC

pegasos-sources fixed

Comment 9 Joshua Kinard gentoo-dev

2005-04-23 22:23:06 UTC

mips-sources fixed.

Comment 10 Tim Yamin (RETIRED) gentoo-dev

2005-08-15 15:37:26 UTC

All fixed, closing bug.

Comment 11 Robert Buchholz (RETIRED) gentoo-dev

2009-05-03 14:54:39 UTC

http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=062775e869f64212e5cba6b0a41b77ccdd1fdcd1