
Bug 93251

Summary: Linux Kernel 64 Bit EXT3 Filesystem Extended Attribute Denial Of Service Vulnerability (<=2.6.12rc4) (CAN-2005-0757)
Product: Gentoo Security
Reporter: Adir Abraham <adirab>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: kernel, kfm, security-kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.securityfocus.com/bid/13680
Whiteboard:
Package list:
Runtime testing required: ---

Description Adir Abraham 2005-05-19 13:50:55 UTC
From Securityfocus.com:

The Linux Kernel is prone to a local denial of service vulnerability. Reports 
indicate the issue manifests on 64-bit platforms and is because of a flaw 
present in offset handling for the extended attribute file system code.

A local attacker may trigger this issue to crash the system kernel.

CAN-2005-0757

Reproducible: Always
Steps to Reproduce:

Comment 1 Tim Yamin (RETIRED) gentoo-dev 2005-06-11 10:46:54 UTC
Not a bug - looks like this is an issue caused by RedHat backporting things to a
2.4 series kernel that is RH specific.