Red Hat Bugzilla – Bug 152400
CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak
Last modified: 2007-11-30 17:07:06 EST
A flaw was discovered in ext2 filesystem support affecting 2.4 and 2.6 kernels.
When a new directory is created, the ext2 block written to disk is initialized,
leading to an information leak.
The following script can easily show the problem on Linux 2.4 and 2.6:
dd if=/dev/zero of=$FILE bs=1k count=8192
mke2fs -F -b 1024 -m0 $FILE
mount -o loop $FILE mnt
for D in `seq 500` ; do mkdir mnt/$D ; done
Using 'strings foo' will reveal the information leak in the file.
Patch committed upstream, see
("is not initialized")
This information leak is visible solely to the super-user.
A fix for this problem has just been committed to the RHEL3 U6
patch pool this evening (in kernel version 2.4.21-32.5.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.