blob: b1919ac4651a70370c9018e358de5308f2afcaa4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Candidate: CVE-2006-6060
References:
MISC:http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
Description:
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (CPU
consumption) via a malformed NTFS file stream that triggers an infinite loop
in the __find_get_block_slow function.
Ubuntu-Description:
Notes:
fixed by patch for CVE-2006-5757 since the bug is in the common
__find_get_block_slow() function.
dannf> I mounted the reproducer fs on an ia64/2.4.27 system and though
dannf> it didn't cause an infinite loop, the system did lock up hard
Bugs:
upstream:
linux-2.6: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.8-sarge-security: pending (2.6.8-16sarge7) [__find_get_block_slow-race.dpatch]
2.4.27-sarge-security:
2.6.15-dapper-security: needed
2.6.17-edgy-security: needed
|