Bug 155769

Summary: Kernel: NTFS __find_get_block_slow() denial of service (CVE-2006-6060)
Product: Gentoo Security Reporter: Jule Slootbeek <jslootbeek>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kang, kumba, lcars
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6060
Whiteboard: [linux <2.6.19][genpatches <2.6.18-8]
Package list:
Runtime testing required: ---

Description Jule Slootbeek 2006-11-20 07:22:10 UTC
MoKB reports the following Denial of Service vulnerability in the 2.6.x tree of the Linux kernel.

The NTFS filesystem module of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This issue is similar to that explained in MOKB-05-11-2006.
Comment 1 Jule Slootbeek 2006-11-27 05:30:24 UTC
CVE-2006-6060 posted: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6060
Comment 2 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-12-22 13:59:15 UTC
hppa-sources: Gmsoft, bump to 2.6.19. Patch is not available.
mips-sources: Kumba, bump to 2.6.19. Patch is not available.
rsbac-sources: Kang, bump to 2.6.19. Patch is not available.
systrace-sources: Lcars, bump to 2.6.19. Patch is not available.
usermode-sources: Dang, bump to 2.6.19. Patch is not available.
xen-sources: Someone (hehe), bump to 2.6.19. Patch is not available.

If any of you have significant trouble performing this bump in the ~arch tree, please comment on this bug.
Comment 3 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-12-22 14:12:44 UTC
hppa-sources: Gmsoft, bump to 2.6.19. Patch is not available.
mips-sources: Kumba, bump to 2.6.19. Patch is not available.
rsbac-sources: Kang, bump to 2.6.19. Patch is not available.
systrace-sources: Lcars, bump to 2.6.19. Patch is not available.
usermode-sources: Dang, bump to 2.6.19. Patch is not available.
xen-sources: Someone (hehe), bump to 2.6.19. Patch is not available.

If any of you have significant trouble performing this bump in the ~arch tree, please comment on this bug.
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-12-22 19:46:24 UTC
There is not yet a UML patchset for 2.6.19.  This makes it a bit difficult for me to bump there...  I'll try to forward-port the 2.6.18 patch, but historically this has been really difficult, so no promises.
Comment 5 Guy Martin (RETIRED) gentoo-dev 2006-12-23 03:51:43 UTC
hppa-sources-2.6.19.1 committed.
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:19:21 UTC
Fixed in genpatches-2.6.18-8 (gentoo-sources-2.6.18-r6)
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:19:21 UTC
*** Bug 158782 has been marked as a duplicate of this bug. ***
Comment 8 Daniel Gryniewicz (RETIRED) gentoo-dev 2007-01-02 20:00:25 UTC
usermode-sources-2.6.18-r1 added.
Comment 9 Guillaume Destuynder (RETIRED) gentoo-dev 2007-01-12 13:41:37 UTC
rsbac-sources-2.6.19 is in cvs (~arch)
Comment 10 Andrew Ross (RETIRED) gentoo-dev 2007-01-27 06:02:54 UTC
Thanks, this is fixed in xen-sources-2.6.16.28-r2, which will hit the tree in a few hours (just waiting for the mirrors to update before I commit the ebuild).
Comment 11 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2007-05-21 23:20:41 UTC
All done.