Bug 7758

Summary: minix_bmap denial of service (CVE-2006-6058)
Product: File System
Reporter: Daniel Drake (dsd)
Component: Other
Assignee: Eric Sandeen (sandeen-xfs)
Status: CLOSED PATCH_ALREADY_AVAILABLE
Severity: normal
CC: protasnb, sandeen-xfs
Priority: P2
Hardware: i386
OS: Linux
Kernel Version: 2.6.19
Subsystem:
Regression: ---
Bisected commit-id:

Description Daniel Drake 2007-01-01 17:12:36 UTC
I can't seem to find a patch to fix this security vuln. Apologies if I missed
something. Mailed security@kernel.org about this but didn't get a response. I
guess this filesystem is not exactly heavily used these days...

http://projects.info-pull.com/mokb/MOKB-17-11-2006.html

Linux 2.6.x minix filesystem code fails to properly handle corrupted data
structures, leading to an exploitable denial of service issue when a crafted fs
stream is being mounted. 

See the above URL for a fs image which can be used to reproduce this.

Comment 1 Eric Sandeen 2007-06-07 08:05:03 UTC
I'll see if I can find some time to take a look at this one, so as not to
disappoint all the minixfs users out there :)

Comment 2 Natalie Protasevich 2008-04-16 00:29:37 UTC
Any updates on this bug?
Thanks.