| Summary: | Linux 2.6.x ISO9660 __find_get_block_slow() denial of service (CVE-2006-5757) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Daniel Drake (RETIRED) <dsd> |
| Component: | Kernel |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE |
| Severity: | normal |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | http://projects.info-pull.com/mokb/MOKB-05-11-2006.html |
| Whiteboard: | [2.6 < 2.6.19] |
| Package list: | |
| Runtime testing required: | --- |

Created attachment 104638
patch

*** Bug 158789 has been marked as a duplicate of this bug. ***

Fixed in genpatches-2.6.18-8 (gentoo-sources-2.6.18-r6)

The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk").