Bug#311164: CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#311164: CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 29 May 2005 15:46:46 +0200
Message-id: <[🔎] E1DcO7q-0001Xl-Nx@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 311164@bugs.debian.org

Package: kernel-source-2.4.27
Severity: important
Tags: security

Quoting from http://rhn.redhat.com/errata/RHSA-2005-294.html:
A flaw in offset handling in the xattr file system code backported to
Red Hat Enterprise Linux 3 was fixed. On 64-bit systems, a user who
can access an ext3 extended-attribute-enabled file system could cause
a denial of service (system crash). This issue is rated as having a
moderate security impact (CAN-2005-0757).

I couldn't find further information on whether this is already fixed
in 2.4.27, do you have further information?

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to:

Prev by Date: Re: kernel updates accepted for sarge
Next by Date: Re: kernel updates accepted for sarge
Previous by thread: kernel-image-2.6.8-ia64_2.6.8-14_ia64.changes ACCEPTED
Next by thread: Bug#311187: kernel-image-2.6.8-2-k7: kernel panic when removing external usb storage (LG GSA-4040B in Sarotech MyBox 5.25 in.)
Index(es):
- Date
- Thread