blob: 9de8f3bdf702d8f43ab395bf7a596ae958aa19e9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2006-5757
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e5657933863f43cc6bb76a54d659303dafaa9e58
Description:
Race condition in the __find_get_block_slow function in the ISO9660
filesystem in Linux 2.6.18 and possibly other versions allows local
users to cause a denial of service (infinite loop) by mounting a
crafted ISO9660 filesystem containing malformed data structures.
Ubuntu-Description:
A race condition was found in the grow_buffers() function. By mounting a
specially crafted ISO9660 or NTFS file system, a local attacker could
exploit this to trigger an infinite loop in the kernel, rendering the
machine unusable.
Notes:
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
dannf> Tried the MOKB-05-11-2006 reproducer on 2.4.27/ia64 & no
dannf> infinite loop was triggered
jmm> 2.4.27 has range checks, marking N/A
Bugs:
upstream: released (2.6.19-rc2)
linux-2.6: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.8-sarge-security: released (2.6.8-16sarge7) [__find_get_block_slow-race.dpatch]
2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.43)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-11.35)
|