Bug#303500: marked as done (CAN-2005-0400: EXT2 File System Information Leak Vulnerability)

To: Horms <horms@debian.org>
Cc: Debian kernel team <debian-kernel@lists.debian.org>
Subject: Bug#303500: marked as done (CAN-2005-0400: EXT2 File System Information Leak Vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 05 Oct 2005 23:18:15 -0700
Message-id: <[🔎] handler.303500.D303500.112857548616765.ackdone@bugs.debian.org>
In-reply-to: <20051006050418.GA19241@verge.net.au>
References: <20051006050418.GA19241@verge.net.au> <20050407025954.B5BFFC000D48@sd01.mel.strategicdata.com.au>

Your message dated Thu, 6 Oct 2005 14:04:18 +0900
with message-id <20051006050418.GA19241@verge.net.au>
and subject line #303500: CAN-2005-0400: EXT2 File System Information Leak Vulnerability
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Apr 2005 02:59:56 +0000
>From geoffc@strategicdata.com.au Wed Apr 06 19:59:56 2005
Return-path: <geoffc@strategicdata.com.au>
Received: from sdcarl02.strategicdata.com.au (sd01.mel.strategicdata.com.au) [203.214.67.82] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DJNFM-0008FS-00; Wed, 06 Apr 2005 19:59:56 -0700
Received: from sd01 (localhost [127.0.0.1])
	by mail-int.strategicdata.com.au (Postfix) with ESMTP id E2E19C000D48
	for <submit@bugs.debian.org>; Thu,  7 Apr 2005 12:59:54 +1000 (EST)
Received: 
	from sd01.mel.strategicdata.com.au (localhost [])
	by localhost ([127.0.0.1]);
	Thu, 07 Apr 2005 02:59:54 +0000
Received: from carthanach.mel.strategicdata.com.au (carthanach.mel.strategicdata.com.au [192.168.1.99])
	by sd01.mel.strategicdata.com.au (Postfix) with SMTP id B5BFFC000D48
	for <submit@bugs.debian.org>; Thu,  7 Apr 2005 12:59:54 +1000 (EST)
Received: by carthanach.mel.strategicdata.com.au (sSMTP sendmail emulation); Thu,  7 Apr 2005 12:59:54 +1000
From: "Geoff Crompton" <geoffc@strategicdata.com.au>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0400: EXT2 File System Information Leak Vulnerability
X-Mailer: reportbug 3.8
Date: Thu, 07 Apr 2005 12:59:54 +1000
Message-Id: <20050407025954.B5BFFC000D48@sd01.mel.strategicdata.com.au>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: normal

Information leak in ext2 code. Quoting from USN-103-1:
>Mathieu Lafon discovered an information leak in the ext2 file system
>driver. When a new directory was created, the ext2 block written to
>disk was not initialized, so that previous memory contents (which
>could contain sensitive data like passwords) became visible on the raw
>device. This is particularly important if the target device is
>removable and thus can be read by users other than root. 

The patch 2.6.11.6 that deals with this is:
--- a/fs/ext2/dir.c 2005-03-25 19:28:57 -08:00
+++ b/fs/ext2/dir.c 2005-03-25 19:28:57 -08:00
@@ -592,6 +592,7 @@
		goto fail;
	}
	kaddr = kmap_atomic(page, KM_USER0);
+	memset(kaddr, 0, chunk_size);
	de = (struct ext2_dir_entry_2 *)kaddr;
	de->name_len = 1;
	de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1)); 

---------------------------------------
Received: (at 303500-done) by bugs.debian.org; 6 Oct 2005 05:11:26 +0000
>From horms@koto.vergenet.net Wed Oct 05 22:11:26 2005
Return-path: <horms@koto.vergenet.net>
Received: from koto.vergenet.net [210.128.90.7] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1ENO2Q-0004Cf-00; Wed, 05 Oct 2005 22:11:26 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
	id D37863402F; Thu,  6 Oct 2005 14:10:54 +0900 (JST)
Date: Thu, 6 Oct 2005 14:04:18 +0900
From: Horms <horms@debian.org>
To: 303500-done@bugs.debian.org
Subject: #303500: CAN-2005-0400: EXT2 File System Information Leak Vulnerability
Message-ID: <20051006050418.GA19241@verge.net.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Cluestick: seven
User-Agent: Mutt/1.5.11
Delivered-To: 303500-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

#303500: CAN-2005-0400: EXT2 File System Information Leak Vulnerability

Fixed in 2.6.8-16

-- 
Horms

Reply to:

Prev by Date: Bug#295949: marked as done (kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS)
Next by Date: Bug#305664: marked as done (CAN-2004-0790: TCP connection DoS through ICMP_QUENCH messages)
Previous by thread: Bug#295949: marked as done (kernel-source-2.6.8: [CAN-2005-0449] skb_checksum_help DoS)
Next by thread: Bug#305664: marked as done (CAN-2004-0790: TCP connection DoS through ICMP_QUENCH messages)
Index(es):
- Date
- Thread