155769 – Kernel: NTFS __find_get_block_slow() denial of service (CVE-2006-6060)

Bug 155769 - Kernel: NTFS __find_get_block_slow() denial of service (CVE-2006-6060)

Summary: Kernel: NTFS __find_get_block_slow() denial of service (CVE-2006-6060)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	[linux <2.6.19][genpatches <2.6.18-8]
Keywords:

Duplicates (1):	158782 (view as bug list)
Depends on:
Blocks:

Reported:	2006-11-20 07:22 UTC by Jule Slootbeek
Modified:	2009-07-12 20:41 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jule Slootbeek 2006-11-20 07:22:10 UTC

MoKB reports the following Denial of Service vulnerability in the 2.6.x tree of the Linux kernel.

The NTFS filesystem module of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This issue is similar to that explained in MOKB-05-11-2006.

Comment 1 Jule Slootbeek 2006-11-27 05:30:24 UTC

CVE-2006-6060 posted: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6060

Comment 2 Harlan Lieberman-Berg (RETIRED) gentoo-dev

2006-12-22 13:59:15 UTC

hppa-sources: Gmsoft, bump to 2.6.19. Patch is not available.
mips-sources: Kumba, bump to 2.6.19. Patch is not available.
rsbac-sources: Kang, bump to 2.6.19. Patch is not available.
systrace-sources: Lcars, bump to 2.6.19. Patch is not available.
usermode-sources: Dang, bump to 2.6.19. Patch is not available.
xen-sources: Someone (hehe), bump to 2.6.19. Patch is not available.

If any of you have significant trouble performing this bump in the ~arch tree, please comment on this bug.

Comment 3 Harlan Lieberman-Berg (RETIRED) gentoo-dev

2006-12-22 14:12:44 UTC

hppa-sources: Gmsoft, bump to 2.6.19. Patch is not available.
mips-sources: Kumba, bump to 2.6.19. Patch is not available.
rsbac-sources: Kang, bump to 2.6.19. Patch is not available.
systrace-sources: Lcars, bump to 2.6.19. Patch is not available.
usermode-sources: Dang, bump to 2.6.19. Patch is not available.
xen-sources: Someone (hehe), bump to 2.6.19. Patch is not available.

If any of you have significant trouble performing this bump in the ~arch tree, please comment on this bug.

Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev

2006-12-22 19:46:24 UTC

There is not yet a UML patchset for 2.6.19.  This makes it a bit difficult for me to bump there...  I'll try to forward-port the 2.6.18 patch, but historically this has been really difficult, so no promises.

Comment 5 Guy Martin (RETIRED) gentoo-dev

2006-12-23 03:51:43 UTC

hppa-sources-2.6.19.1 commited.

Comment 6 Daniel Drake (RETIRED) gentoo-dev

2007-01-01 20:19:21 UTC

Fixed in genpatches-2.6.18-8 (gentoo-sources-2.6.18-r6)

Comment 7 Daniel Drake (RETIRED) gentoo-dev

2007-01-01 20:19:21 UTC

*** Bug 158782 has been marked as a duplicate of this bug. ***

Comment 8 Daniel Gryniewicz (RETIRED) gentoo-dev

2007-01-02 20:00:25 UTC

usermode-sources-2.6.18-r1 added.

Comment 9 Guillaume Destuynder (RETIRED) gentoo-dev

2007-01-12 13:41:37 UTC

rsbac-sources-2.6.19 is in cvs (~arch)

Comment 10 Andrew Ross (RETIRED) gentoo-dev

2007-01-27 06:02:54 UTC

Thanks, this is fixed in xen-sources-2.6.16.28-r2, which will hit the tree in a few hours (just waiting for the mirrors to update before I commit the ebuild).

Comment 11 Harlan Lieberman-Berg (RETIRED) gentoo-dev

2007-05-21 23:20:41 UTC

All done.