SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel Journaling Block Device Input Validation Flaw Lets Local Users Deny Service
SecurityTracker Alert ID:  1026325
SecurityTracker URL:  http://securitytracker.com/id/1026325
CVE Reference:   CVE-2011-4132   (Links to External Site)
Date:  Nov 14 2011
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.6.x
Description:   A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

The kernel's Journaling Block Device (JBD) code does not properly validate block values. A local user can mount a specially crafted ext3 or ext4 image to cause the target system to crash.

Impact:   A local user can cause the target user to crash.
Solution:   The vendor has issued a fix, available at:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 11 2012 (Red Hat Issues Fix) Linux Kernel Journaling Block Device Input Validation Flaw Lets Local Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise MRG for Red Hat Enterprise Linux 6.
Jan 11 2012 (Red Hat Issues Fix) Linux Kernel Journaling Block Device Input Validation Flaw Lets Local Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC