[Please upgrade kernel on all distributions. Expect new vendor kernel packages soon -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: Arkoon Security Team <[EMAIL PROTECTED]> To: [email protected] Cc: [EMAIL PROTECTED] Subject: Information leak in the Linux kernel ext2 implementation Date: Fri, 01 Apr 2005 14:59:42 +0200 Description: Information leak in the Linux kernel ext2 implementation References: CAN-2005-0400 Authors: Mathieu Lafon <[EMAIL PROTECTED]> Romain Francoise <[EMAIL PROTECTED]> Arkoon Security Team Advisory - March 25, 2005 http://arkoon.net/advisories/ext2-make-empty-leak.txt Revision: 1.0 1. Description The function ext2_make_empty() used in the Linux implementation of the ext2 filesystem is vulnerable to an information leak. Upon directory creation, a new block is obtained from kernel memory to store the initial directory entries ('.' and '..'). This block is used and written to disk uninitialized, leading to an information leak in the block's slack space. Depending on block size, up to 4072 (4096 - 2 * 12) bytes of kernel memory can be leaked on each directory creation. This quantity then decreases when additional entries are added to the directory block. Note: since the ext2 implementation uses the dir-in-pagecache design, any part of kernel memory is susceptible to be leaked, not only old disk/filesystem data. 2. Impact Leaked kernel memory can be found in ext2 filesystems; either on hard drives, removable media (USB thumb drives, flash cards), initrd images, UML filesystem images, etc... A quick scan reveals that most ext2 images found on the Internet contain information that was not meant to be distributed (ranging from xterm scrollback data to email tidbits). 3. Affected versions Linux 2.4.x series: all versions up to 2.4.29 (fixed in 2.4.30-rc2) Linux 2.6.x series: all versions up to 2.6.11.5 (fixed in 2.6.11.6) 4. Vendor response This vulnerability was acknowledged by the Kernel Security Team ([EMAIL PROTECTED]) and fixed in versions 2.4.30-rc2 and 2.6.11.6. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0400 to this issue. 5. Timeline 03/15/2005 - Vulnerability discovered 03/16/2005 - Vulnerability details sent to [EMAIL PROTECTED] 03/16/2005 - Vulnerability confirmed by kernel maintainers 03/25/2005 - Linux 2.6.11.6 released with fix 03/25/2005 - Linux 2.4.30-rc2 released with fix 04/01/2005 - Public disclosure 6. Credits This vulnerability was discovered by Romain Francoise and Mathieu Lafon of the Arkoon Security Team (http://www.arkoon.com/). Thanks to Andrew Morton, Marcelo Tosatti, Linus Torvalds, Alan Cox and Chris Wright for their quick response. 7. About us Arkoon Network Security's Security Team provides security intelligence to Arkoon's departments, partners and clients, and to the security community at large. For further information, see http://www.arkoon.com/. 8. Legal notices Copyright (C) 2005 Arkoon Network Security Disclaimer: this document and all information therein are provided "as is" without warranty of any kind, whether express or implied. Arkoon Network Security does not warrant or assume any legal liability or responsibility for the accuracy or completeness of this information, nor for the possible damage caused by the use of it. ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ linux-india-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-india-help
