Bug 217008 - CVE-2006-6057 gfs2 init_journal denial of service
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Russell Cattelan
QA Contact: Brian Brock
URL:
Whiteboard: impact=low,source=internet,reported=2...
Keywords: Security
Reported: 2006-11-23 05:50 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC

Fixed In Version: RC
Doc Type: Bug Fix
Last Closed: 2007-02-08 00:52:05 UTC


Attachments
Proposed fix (1.38 KB, patch)
2007-01-05 16:28 UTC, Russell Cattelan
New proposed patch (1.66 KB, patch)
2007-01-06 00:12 UTC, Russell Cattelan


External Trackers
Tracker ID Priority Status Summary Last Updated
Linux Kernel 7738 None None None Never

Description Marcel Holtmann 2006-11-23 05:50:01 UTC
From MOKB-15-11-2006:

http://projects.info-pull.com/mokb/MOKB-15-11-2006.html

The gfs2 filesystem code fails to properly handle corrupted data structures,
leading to an exploitable denial of service issue when a crafted stream is being
mounted. This particular vulnerability is caused by a NULL pointer dereference
in the init_journal function.

Comment 4 Russell Cattelan 2007-01-05 16:28:22 UTC
Created attachment 144912
Proposed fix

Comment 6 Russell Cattelan 2007-01-06 00:12:38 UTC
Created attachment 144947
New proposed patch

Comment 7 Jay Turner 2007-01-10 15:26:31 UTC
Built into 2.6.18-1.3002.el5.

Comment 9 Don Zickus 2007-01-10 23:56:06 UTC
in 2.6.18-1.3002.el5

Comment 10 RHEL Product and Program Management 2007-02-08 00:52:05 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.


