Bug 611385 (CVE-2010-2492)
Summary: | CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | arozansk, davej, dhoward, esandeen, jmarchan, jpirko, kmcmartin, lwang, plyons, pmatouse, rcvalle, security-response-team, tcallawa, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-28 08:44:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 611386, 611387, 611388, 626320 | ||
Bug Blocks: |
Description
Eugene Teo (Security Response)
2010-07-05 04:32:42 UTC
rhel-5 crw------- 1 root root 10, 61 Jul 5 03:51 /dev/ecryptfs rhel-6 crw-rw----. 1 root root 10, 57 Jul 5 03:54 /dev/ecryptfs On rhel-6, ecryptfs netlink transport has been removed (commit 624ae528) and /dev/ecryptfs is not world-writable. On rhel-5, we still have the ecryptfs netlink transport (commit 88b4a07e + f66e883e but without 624ae528) and so the issue may still be triggered by unprivileged users. Upstream commit: http://git.kernel.org/linus/a6f80fb7b5986fda663d94079d3bba0937a6b6ff Fixed upstream in 2.6.35, 2.6.34.2, 2.6.33.7, 2.6.32.17 and 2.6.27.49 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0723 https://rhn.redhat.com/errata/RHSA-2010-0723.html Is this issue mitigated by ensuring that the ecryptfs kernel module is not loaded? (In reply to comment #13) > Is this issue mitigated by ensuring that the ecryptfs kernel module is not > loaded? Yes, ensuring that the ecryptfs module is not loaded will mitigate this issue. Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue. A future update in Red Hat Enterprise Linux 6 may address this flaw. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html |