First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 81106
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
81106.patch Patch (2.6) patch Tim Yamin (RETIRED) 2005-02-15 12:41 0000 826 bytes Details | Diff
81106-2.4.patch Patch (2.4) patch Tim Yamin (RETIRED) 2005-02-18 11:58 0000 2.19 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 81106 depends on: Show dependency tree
Bug 81106 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-02-07 06:00 0000 
Description:
Carl-Daniel Hailfinger has reported a vulnerability in the Linux kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to missing "printk()" rate limitations in the "ntfs_warning()" and "ntfs_error()" functions within the NTFS functionality when compiled without debugging.

Solution:
The vulnerability has been fixed in version 2.6.11-rc3.
http://kernel.org/

------- Comment #1 From Tim Yamin (RETIRED) 2005-02-15 12:41:04 0000 ------- 
Created an attachment (id=51299) [edit]
Patch (2.4/2.6)

------- Comment #2 From Tim Yamin (RETIRED) 2005-02-18 11:58:25 0000 ------- 
Created an attachment (id=51543) [edit]
Patch (2.4)

------- Comment #3 From Thierry Carrez (RETIRED) 2005-03-16 03:16:41 0000 ------- 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #4 From Daniel Drake 2005-03-16 05:52:52 0000 ------- 
gentoo-dev-sources unaffected

------- Comment #5 From solar 2005-03-16 08:08:14 0000 ------- 
2.4.29 does not appear to have a ntfs/debug.c

------- Comment #6 From Tim Yamin (RETIRED) 2005-04-07 05:23:26 0000 ------- 
CCing maintainers; *NOTE*: If your 2.4 series kernel does not have an
fs/ntfs/debug.c there is no need to patch it but please state so on this bug.
2.6 kernels < 2.6.11 all need patching.

hardened(-dev)-sources: Adding hardened herd...
hppa-sources: Adding GMSoft...
mips-sources: Adding Kumba...
openmosix-sources: Adding cluster...
pegasos-sources: Adding dholm...
rsbac-sources: Adding kang...

------- Comment #7 From Guillaume Destuynder (RETIRED) 2005-04-08 02:40:07 0000 ------- 
rsbac-sources wasn't affected

------- Comment #8 From David Holm (RETIRED) 2005-04-14 03:34:11 0000 ------- 
pegasos-sources fixed

------- Comment #9 From Joshua Kinard 2005-04-23 22:23:06 0000 ------- 
mips-sources fixed.

------- Comment #10 From Tim Yamin (RETIRED) 2005-08-15 15:37:26 0000 ------- 
All fixed, closing bug.

------- Comment #11 From Robert Buchholz 2009-05-03 14:54:39 0000 ------- 
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=062775e869f64212e5cba6b0a41b77ccdd1fdcd1
First Last Prev Next    No search results available      Search page      Enter new bug