David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. (The fix was included in the earlier kernels from USN-864-1.) (CVE-2009-1298)

Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalation. (CVE-2009-4131)

Reproducible: Always
Using this one to track CVE-2009-4131; CVE-2009-1298 will be done in #296393.
http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git;a=commit;h=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6
Thanks.
CVE-2009-4131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4131): The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
Good Afternoon, Do we have any updates on this bug please?
This patch is included in >= gentoo-sources-2.6.31-r8 and gentoo-sources-2.6.32-r1