Bug 217008 - CVE-2006-6057 gfs2 init_journal denial of service
Summary: CVE-2006-6057 gfs2 init_journal denial of service
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Russell Cattelan
QA Contact: Brian Brock
Whiteboard: impact=low,source=internet,reported=2...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2006-11-23 05:50 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC (History)
4 users (show)

Clone Of:
Last Closed: 2007-02-08 00:52:05 UTC

Attachments (Terms of Use)
Proposed fix (1.38 KB, patch)
2007-01-05 16:28 UTC, Russell Cattelan
no flags Details | Diff
New proposed patch (1.66 KB, patch)
2007-01-06 00:12 UTC, Russell Cattelan
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Linux Kernel 7738 None None None Never

Description Marcel Holtmann 2006-11-23 05:50:01 UTC
From MOKB-15-11-2006:


The gfs2 filesystem code fails to properly handle corrupted data structures,
leading to an exploitable denial of service issue when a crafted stream is being
mounted. This particular vulnerability is caused by a NULL pointer dereference
in the init_journal function.

Comment 4 Russell Cattelan 2007-01-05 16:28:22 UTC
Created attachment 144912 [details]
Proposed fix

Comment 6 Russell Cattelan 2007-01-06 00:12:38 UTC
Created attachment 144947 [details]
New proposed patch

Comment 7 Jay Turner 2007-01-10 15:26:31 UTC
Built into 2.6.18-1.3002.el5.

Comment 9 Don Zickus 2007-01-10 23:56:06 UTC
in 2.6.18-1.3002.el5

Comment 10 RHEL Product and Program Management 2007-02-08 00:52:05 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.