Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <48D1E9ED.1030809@redhat.com>
Date: Thu, 18 Sep 2008 13:41:01 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2008-3528 Linux kernel ext[234] directory corruption DoS

The ext[234] filesystem code fails to properly handle corrupted data
structures. With a mounted filesystem image or partition that have
corrupted dir->i_size and dir->i_blocks, a user performing either a read
or write operation on the mounted image or partition can lead to a
possible denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=459577
http://lkml.org/lkml/2008/9/13/98
http://lkml.org/lkml/2008/9/13/99
http://lkml.org/lkml/2008/9/17/371

The issue is not fixed upstream yet, but the patch has been added to -mm
 tree. I will update this email as soon as I know the commit hashes.
This issue has been allocated with CVE-2008-3528.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.