[kernel-sec-discuss] r692 - active

Martin Pitt mpitt at alioth.debian.org
Tue Jan 16 12:01:37 CET 2007 

Author: mpitt
Date: 2007-01-16 12:01:36 +0100 (Tue, 16 Jan 2007)
New Revision: 692

Modified:
   active/CVE-2006-5757
   active/CVE-2006-6060
Log:
info for CVE-2006-6060

Modified: active/CVE-2006-5757
===================================================================
--- active/CVE-2006-5757	2007-01-16 10:53:07 UTC (rev 691)
+++ active/CVE-2006-5757	2007-01-16 11:01:36 UTC (rev 692)
@@ -7,12 +7,13 @@
  users to cause a denial of service (infinite loop) by mounting a
  crafted ISO9660 filesystem containing malformed data structures.
 Ubuntu-Description: 
- A race condition was found in the ISO9660 file system. By mounting a
- specially crafted CD-ROM, a local attacker could exploit this to
- trigger an infinite loop in the kernel, rendering the machine
- unusable.
+ A race condition was found in the grow_buffers() function. By mounting a
+ specially crafted ISO9660 or NTFS file system, a local attacker could
+ exploit this to trigger an infinite loop in the kernel, rendering the
+ machine unusable.
 Notes: 
  http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
+ http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
 Bugs: 
 upstream: released (2.6.19-rc2)
 linux-2.6: 

Modified: active/CVE-2006-6060
===================================================================
--- active/CVE-2006-6060	2007-01-16 10:53:07 UTC (rev 691)
+++ active/CVE-2006-6060	2007-01-16 11:01:36 UTC (rev 692)
@@ -1,8 +1,6 @@
 Candidate: CVE-2006-6060
 References: 
  MISC:http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
- XF:kernel-ntfs-dos(30418)
- URL:http://xforce.iss.net/xforce/xfdb/30418 
 Description: 
  The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
  other versions, allows local users to cause a denial of service (CPU
@@ -10,13 +8,14 @@
  in the __find_get_block_slow function.
 Ubuntu-Description: 
 Notes: 
+ fixed by patch for CVE-2006-5757 since the bug is in the common
+ __find_get_block_slow() function.
 Bugs: 
 upstream: 
 linux-2.6: 
 2.6.18-etch: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: needed
 2.4.27-sarge-security: 
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
-2.6.19-feisty: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed

More information about the kernel-sec-discuss mailing list