Bug 131126 - Kernel: Don't allow a backslash in a path component (CVE-2006-1863)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.kernel.org/git/?p=linux/ke...
Whiteboard: [linux <2.6.16.11]
Reported: 2006-04-24 11:54 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-07-12 11:58 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-24 11:54:33 UTC
Unless Posix paths have been negotiated, the backslash, "\", is not a valid
character in a path component.
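
The rule in the description, as an added C example that is not part of the original report and is not the kernel's code: when a '/'-separated local path is rewritten with '\' separators for the server, a component that itself contains '\' would be parsed by the server as more than one component, so it is rejected unless POSIX paths are in use. The function names, the `posix_paths` flag and the sample paths are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helpers modelling the check; not taken from the kernel. */

/* A component is rejected if it contains the server's separator.
 * Without POSIX paths that separator is '\'. */
bool component_ok(const char *name, size_t len, bool posix_paths)
{
    return len > 0 && (posix_paths || memchr(name, '\\', len) == NULL);
}

/* Rewrite a '/'-separated local path into the form sent to the server.
 * Returns the number of components, or -1 if a component is rejected
 * or the output buffer is too small. */
int to_wire_path(const char *local, bool posix_paths, char *out, size_t outsz)
{
    char sep = posix_paths ? '/' : '\\';
    size_t o = 0;
    int count = 0;

    if (outsz == 0)
        return -1;
    while (*local != '\0') {
        size_t len = strcspn(local, "/");
        if (len > 0) {                       /* skip empty components */
            if (!component_ok(local, len, posix_paths))
                return -1;
            if (o + len + 2 > outsz)         /* separator + name + NUL */
                return -1;
            if (count > 0)
                out[o++] = sep;
            memcpy(out + o, local, len);
            o += len;
            count++;
        }
        local += len;
        if (*local == '/')
            local++;
    }
    out[o] = '\0';
    return count;
}

/* Number of components a server splitting on `sep` sees in a wire path. */
int server_components(const char *wire, char sep)
{
    int n = 0;
    for (bool in = false; *wire != '\0'; wire++) {
        if (*wire == sep) in = false;
        else if (!in) { in = true; n++; }
    }
    return n;
}
```

With the constructed path `docs/report\2006` (two local components), the call fails when `posix_paths` is false; without the check the server would have split the same bytes into three components.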
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-24 21:41:43 UTC
2.6.16.11 is released.
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-05-05 14:14:28 UTC
CVE-2006-1863; allows breaking out of a FS as per bug #131632 (this is for cifs, that is for smbfs).
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-05-06 07:14:37 UTC
Maintainers, please bump to linux-2.6.16.14 preferably:

hppa-sources: GMSoft
mips-sources: Kumba
rsbac-sources-2.6: kang
sh-sources-2.6: vapier, can you please produce a 2.6.16.14 one; it'll need a new patchset I suppose
usermode-sources: dsd
xbox-sources: chrb
xen-sources: chrb
Comment 4 Guy Martin (RETIRED) gentoo-dev 2006-05-07 23:07:03 UTC
hppa-sources-2.6.16.14_p11 stable on hppa.
Comment 5 Daniel Drake (RETIRED) gentoo-dev 2006-05-08 05:48:02 UTC
usermode-sources fixed thanks to dang
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2006-05-28 13:13:48 UTC
All done (apart from sh-sources and rsbac-sources (masked)); resolving.