Bug 158784 (CVE-2006-6053)

Summary:

Linux 2.6.x ext3fs_dirhash denial of service (CVE-2006-6053)

Product:

Gentoo Security

Reporter:

Daniel Drake (RETIRED) <dsd>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

unnamedrambler

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=40b851348fe9bf49c26025b34261d25142269b60

Whiteboard:

[linux <2.6.16.38] [linux >=2.6.17 <2.6.19.2] [gp <2.6.18-8] [gp >=2.6.19-1 < 2.6.19-4] [gentoo < 2.6.18-r6] [gentoo >=2.6.19 <2.6.19-r3]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
Patch for 2.6.18 and 2.6.19	none

Description Daniel Drake (RETIRED) gentoo-dev

2006-12-21 18:49:29 UTC

Linux 2.6.x ext3 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue with potential fs corruption, when a read operation is done on a crafted ext3 stream.

Comment 1 Daniel Drake (RETIRED) gentoo-dev

2006-12-22 11:46:33 UTC

Created attachment 104602 [details, diff]
Patch for 2.6.18 and 2.6.19

Comment 2 Daniel Drake (RETIRED) gentoo-dev

2007-01-05 06:32:31 UTC

Fixed versions:
gentoo-sources-2.6.18-r6
genpatches-2.6.18-8
gentoo-sources-2.6.19-r3
genpatches-2.6.19-4

Comment 3 unnamedrambler 2008-03-07 01:35:59 UTC

Proposed metadata:
[linux < 2.6.16.38] via http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.38
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-r3]