| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability bulletin CVE-2010-0727
Linux kernel: denial of service via GFS
Synthesis of the vulnerability
| A local attacker can lock a file on a GFS system, in order to stop the kernel. |
Severity: 1/4.
Creation date: 12/03/2010.
|
Description of the vulnerability
The Linux kernel supports GFS (Global File System).
A file can be locked with two modes:
- advisory locking : the process manages parallel accesses, before each read()/write()
- mandatory locking : the system manages parallel accesses, by checking the bit Sgid without the bit GroupExecute during each read()/write()
A local attacker can lock a GFS file with an "advisory locking", and then change the file mode to simulate a "mandatory locking". When the file is locked, the kernel does not manage this special case, and calls the BUG() macro.
A local attacker can therefore lock a file on a GFS system, in order to stop the kernel. |
Complete Vigil@nce bulletin
Characteristics
Title: Linux kernel: denial of service via GFS.
Keywords: BUG File GFS Global GroupExecute Linux Sgid System denial kernel service.
Identifiers: 570863, BID-39101, CVE-2010-0727, DSA 2053-1, MDVSA-2010:066, MDVSA-2010:067, RHSA-2010:0178-02, RHSA-2010:0291-04, RHSA-2010:0330-01, RHSA-2010:0331-01, RHSA-2010:0380-01, RHSA-2010:0521-01, VIGILANCE-VUL-9513.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service
|
