Bug 152403
| Summary: | CAN-2005-0400 ext2 mkdir() directory entry random kernel memory leak | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mark J. Cox <mjc> |
| Component: | kernel | Assignee: | Dave Jones <davej> |
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | CC: | jbaron, pfrields, riel, wtogami |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | source=vendorsec,public=20050321,reported=20050321,impact=low | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-04-11 22:07:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
A flaw was discovered in ext2 filesystem support affecting 2.4 and 2.6 kernels. When a new directory is created, the ext2 block written to disk is not initialized, leading to an information leak. The following script can easily show the problem on Linux 2.4 and 2.6: #!/bin/sh FILE=foo dd if=/dev/zero of=$FILE bs=1k count=8192 mke2fs -F -b 1024 -m0 $FILE mount -o loop $FILE mnt for D in `seq 500` ; do mkdir mnt/$D ; done umount mnt Using 'strings foo' will reveal the information leak in the file. Patch committed upstream, see fixed=2.6-bk (20050325 http://linux.bkbits.net:8080/linux-2.6/cset@4244bfc9vHVlT4nv2o4ys4_sf6vzKA fixed=2.4-bk (20050325 http://linux.bkbits.net:8080/linux-2.4/cset@424473284plfEOB185qmyHPQyNPq4Q Fixed already in FEDORA-2005-262 for FC2