Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 256460 (CVE-2009-0269) - Kernel: eCryptfs subsystem DOS (CVE-2009-0269)
Summary: Kernel: eCryptfs subsystem DOS (CVE-2009-0269)
Status: RESOLVED FIXED
Alias: CVE-2009-0269
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.27.12] [linux >=2.6.28 <2...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-26 21:11 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-05 03:50 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-26 21:11:46 UTC 
CVE-2009-0269 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0269):
  fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel
  before 2.6.28.1 allows local users to cause a denial of service
  (fault or memory corruption), or possibly have unspecified other
  impact, via a readlink call that results in an error, leading to use
  of a -1 return value as an array index.
Comment 1 kfm 2009-07-21 02:58:44 UTC 
hardened-kernel unaffected at present time. Removing alias.

PS: Anything using >=genpatches-2.6.27-10 is unaffected (with the sole exception of genpatches-2.6.28-1
Comment 2 kfm 2009-07-21 03:18:19 UTC 
I thought hardened had already taken care of this one with regard to the older kernel versions but apparently not. Adding back hardened-kernel; apologies for the noise.

Note: this issue is not addressed in any stable patch or genpatches release for either 2.6.25 or 2.6.26. However, the patch does apply.