Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 125437 - Kernel: XFS ftruncate() bug could expose stale data (CVE-2006-0554)
Summary: Kernel: XFS ftruncate() bug could expose stale data (CVE-2006-0554)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.15.5]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-07 20:33 UTC by kfm
Modified: 2009-07-11 09:42 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
xfs-ftruncate-stale-data.patch (1465_15.5_xfs-ftruncate-stale-data.patch,942 bytes, patch)
2006-03-07 20:34 UTC, kfm 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description kfm 2006-03-07 20:33:59 UTC 
According to the commit "this is CVE-2006-0554 and SGI bug 942658.  With certain types of ftruncate() activity on 2.6 kernels, XFS can end up exposing stale data off disk to a user, putting extents where holes should be." The following kernels and patchsets are unaffected:

  * >=vanilla-sources-2.6.15.5
  * >=gentoo-sources-2.6.15-r6
  * >=genpatches-2.6.15-9

Patch here: http://tinyurl.com/fyql9
Comment 1 kfm 2006-03-07 20:34:46 UTC 
Created attachment 81665 [details, diff]
xfs-ftruncate-stale-data.patch

Patch. Also applies to 2.6.14.
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-03-11 11:58:52 UTC 
CCing maintainers:

ck-sources: marineam
hardened-sources: hardened herd
hppa-sources: gmsoft
mips-sources: `Kumba
rsbac-sources: kang
suspend2-sources: brix
xbox-sources: gimli
Comment 3 Micheal Marineau (RETIRED) gentoo-dev 2006-03-14 12:52:39 UTC 
ck fixed since ck-sources-2.6.15_p5
Comment 4 kfm 2006-03-16 04:32:00 UTC 
Now fixed in:

  * genpatches-2.6.14-11
  * hardened-sources-2.6.14-r6
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2006-05-18 13:38:30 UTC 
All resolved, closing...