summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2006-6054
blob: c0b946973a90b21133ae40f2f82490a5d913311c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Candidate: CVE-2006-6054
References: 
 http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.19.y.git;a=commit;h=8d312ae11257a259d78e122fd73274b8ef4789d1
 http://projects.info-pull.com/mokb/MOKB-12-11-2006.html
Description: 
 The ext2 file system code in Linux kernel 2.6.x allows local users to cause a
 denial of service (crash) via an ext2 stream with malformed data structures
 that triggers an error in the ext2_check_page due to a length that is smaller
 than the minimum.
Ubuntu-Description: 
 The ext2 file system driver did not properly handle corrupted data
 structures. By mounting a specially crafted ext2 file system, a local
 attacker could exploit this to crash the kernel.
Notes: 
 dannf> 2.4 backports submitted upstream on 2008.01.21
Bugs: 
upstream: released (2.6.20-rc5)
linux-2.6: released (2.6.18.dfsg.1-10) [bugfix/2.6.18.38]
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.16.38]
2.6.8-sarge-security: released (2.6.8-17sarge1) [ext2-skip-pages-past-num-blocks.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge6) [258_ext2_readdir-f_pos-fix.diff, 259_ext2_readdir-infinite-loop.diff, 260_ext2-skip-pages-past-num-blocks.diff]
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)

© 2014-2024 Faster IT GmbH | imprint | privacy policy