Bug 217008 - CVE-2006-6057 gfs2 init_journal denial of service
Summary: CVE-2006-6057 gfs2 init_journal denial of service
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
: ---
Assignee: Russell Cattelan
QA Contact: Brian Brock
URL:
Whiteboard: impact=low,source=internet,reported=2...
Depends On:
Blocks:
 
Reported: 2006-11-23 05:50 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC

Fixed In Version: RC
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-08 00:52:05 UTC
Target Upstream Version:
Embargoed:


Attachments
Proposed fix (1.38 KB, patch)
2007-01-05 16:28 UTC, Russell Cattelan
New proposed patch (1.66 KB, patch)
2007-01-06 00:12 UTC, Russell Cattelan


Links
System ID Private Priority Status Summary Last Updated
Linux Kernel 7738 0 None None None Never

Description Marcel Holtmann 2006-11-23 05:50:01 UTC
From MOKB-15-11-2006:

http://projects.info-pull.com/mokb/MOKB-15-11-2006.html

The gfs2 filesystem code fails to properly handle corrupted data structures,
leading to an exploitable denial of service issue when a crafted stream is being
mounted. This particular vulnerability is caused by a NULL pointer dereference
in the init_journal function.

Comment 4 Russell Cattelan 2007-01-05 16:28:22 UTC
Created attachment 144912
Proposed fix

Comment 6 Russell Cattelan 2007-01-06 00:12:38 UTC
Created attachment 144947
New proposed patch

Comment 7 Jay Turner 2007-01-10 15:26:31 UTC
Built into 2.6.18-1.3002.el5.

Comment 9 Don Zickus 2007-01-10 23:56:06 UTC
in 2.6.18-1.3002.el5

Comment 10 RHEL Program Management 2007-02-08 00:52:05 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.


