
Bug 296383 (CVE-2009-4131)

Summary: Kernel: Ext4 "move extents" ioctl privilege elevation (CVE-2009-4131)
Product: Gentoo Security
Reporter: Bernd Marienfeldt <bernd>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hardened-kernel+disabled, josh, kernel, WineLauncher.Jonathan
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git;a=commit;h=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6
Whiteboard: [linux <2.6.31.8] [linux >=2.6.32 <2.6.32.1] [gp <2.6.31-9] [gp >=2.6.32-1 <2.6.32-2]
Package list:
Runtime testing required: ---

Description Bernd Marienfeldt 2009-12-10 10:22:44 UTC
David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. (The fix was included in the earlier kernels from USN-864-1.) (CVE-2009-1298) Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalation. (CVE-2009-4131) 

Reproducible: Always
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-10 12:19:21 UTC
Using this one to track CVE-2009-4131; CVE-2009-1298 will be done in #296393.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-10 19:38:08 UTC
Thanks.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 02:22:45 UTC
CVE-2009-4131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4131):
  The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the
  ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local
  users to overwrite arbitrary files via a crafted request, related to
  insufficient checks for file permissions.

Comment 5 Joshua Wright 2010-02-16 16:27:57 UTC
Good Afternoon,

Do we have any updates on this bug please?
Comment 6 Mike Pagano gentoo-dev 2010-02-16 16:58:12 UTC
This patch is included in >= gentoo-sources-2.6.31-r8 and gentoo-sources-2.6.32-r1