[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] gfs2 security issue


Yes, we know and the fix is pretty much ready to go. It isn't a priv
escalation anyway, its memory corruption most likely leading to an oops.


On Fri, 2010-04-30 at 15:59 +0000, yvette hirth wrote:
> i just saw this on a SANS security vulnerability alert.  is everyone 
> aware of this?
> 10.18.18 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel "gfs2_quota" Structure Write Local Privilege
> Escalation
> Description: The Linux kernel is exposed to a local
> privilege escalation issue affecting the "gfs2" file system.
> Specifically, when a "gfs2_quota" structure straddles a page boundary,
> updates to the structure are not correctly written to disk. This can
> result in a buffer overflow condition which may lead to memory
> corruption.
> Ref: http://www.securityfocus.com/bid/39715
> fyi
> yvette hirth
> --
> Linux-cluster mailing list
> Linux-cluster redhat com
> https://www.redhat.com/mailman/listinfo/linux-cluster

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]