The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: file reading on XFS

Synthesis of the vulnerability 

On an XFS filesystem, when a file is in write-only mode, a local attacker can use the SWAPEXT ioctl, in order to read the file.
Vulnerable products: Debian, Fedora, Linux, Mandriva Linux, openSUSE, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity of this weakness: 1/4.
Creation date: 17/06/2010.
Références of this bulletin: BID-40920, CVE-2010-2226, DSA-2094-1, FEDORA-2010-13110, MDVSA-2010:188, MDVSA-2010:198, openSUSE-SU-2010:0664-1, RHSA-2010:0610-01, SUSE-SA:2010:046, SUSE-SA:2010:060, SUSE-SA:2011:007, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9714, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability 

The Linux kernel supports the XFS (IRIX) filesystem.

The file.f_mode bitfield indicates the mode of a file:
 - FMODE_READ : open for reading
 - FMODE_WRITE : open for writing
 - etc.

The SWAPEXT ioctl calls the xfs_swapext() function of the fs/xfs/xfs_dfrag.c file, which copies data and extended attributes of a file to a temporary file. However, this function does not check if the source file is open in read mode (FMODE_READ) before copying it in an attacker's file.

On an XFS filesystem, when a file is in write-only mode, a local attacker can therefore use the SWAPEXT ioctl, in order to read the file.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability announce impacts software or systems such as Debian, Fedora, Linux, Mandriva Linux, openSUSE, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this threat alert.

Solutions for this threat 

Linux kernel: patch for XFS.
A patch is available in information sources.

Debian: new linux-2.6 packages.
New packages are available:
  linux-2.6_2.6.26-24lenny1

Fedora 12: new kernel packages.
New packages are available:
  kernel-2.6.32.19-163.fc12

Mandriva 2009.0: new kernel packages.
New packages are available:
  Mandriva Linux 2009.0: kernel-2.6.27.53-1mnb2

Mandriva 2010.1, MES 5: new kernel packages.
New packages are available:
  Mandriva Linux 2010.1: kernel-2.6.33.7-2mnb-1-1mnb2
  Mandriva Enterprise Server 5: kernel-2.6.27.53-1mnb-1-1mnb2

openSUSE 11.2: new kernel packages.
New packages are available:
  kernel-*-2.6.31.14-0.1.1

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-194.11.1.el5

SUSE LE 10: new kernel packages (14/12/2010).
New packages are available:
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
  http://download.novell.com/patch/finder/?keywords=674eb707cae3a31be66788e116641a9a
SUSE Linux Enterprise Server 10 SP3
  http://download.novell.com/patch/finder/?keywords=674eb707cae3a31be66788e116641a9a
  http://download.novell.com/patch/finder/?keywords=8bc9a9f71e0364816351d414eb3c9832
  http://download.novell.com/patch/finder/?keywords=c12e832d9f0b5b30c9d4e408ab99b34d
  http://download.novell.com/patch/finder/?keywords=7a6102f48e04658e517624d16e7806bc
  http://download.novell.com/patch/finder/?keywords=2d433ce13217ec9e95c2b22bce28b8ed
SLE SDK 10 SP3
  http://download.novell.com/patch/finder/?keywords=674eb707cae3a31be66788e116641a9a
  http://download.novell.com/patch/finder/?keywords=c12e832d9f0b5b30c9d4e408ab99b34d
  http://download.novell.com/patch/finder/?keywords=7a6102f48e04658e517624d16e7806bc
  http://download.novell.com/patch/finder/?keywords=2d433ce13217ec9e95c2b22bce28b8ed
SUSE Linux Enterprise Desktop 10 SP3
  http://download.novell.com/patch/finder/?keywords=674eb707cae3a31be66788e116641a9a
  http://download.novell.com/patch/finder/?keywords=2d433ce13217ec9e95c2b22bce28b8ed
SUSE Linux Enterprise Desktop 10 SP3 for x86
  http://download.novell.com/patch/finder/?keywords=2d433ce13217ec9e95c2b22bce28b8ed

SUSE LE 9: new kernel packages (23/08/2011).
New packages are available:
http://download.novell.com/patch/finder/?keywords=c05dae2ea95bb787f18166cf12f585e3

SUSE LE RT 11: new kernel-rt packages.
New packages are available:
  SUSE Linux Enterprise Real Time 11 SP1
    http://download.novell.com/patch/finder/?keywords=956b7941659a9a350984b3e4fa8be427

VMware: corrected versions.
Following versions are corrected:
VMware vCenter Server 4.1 Update 1 and modules
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
VMware vCenter Server 4.0 Update 3
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://www.vmware.com/support/vsphere4/doc/vsp_vc40_u3_rel_notes.html
ESXi 4.1 Installable Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
  http://kb.vmware.com/kb/1027919
ESX 4.1 Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
  http://kb.vmware.com/kb/1029353
ESXi 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677367/ESXi400-201103001.zip
  http://kb.vmware.com/kb/1032823
ESX 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574144/ESX400-201103001.zip
  http://kb.vmware.com/kb/1032822
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a cybersecurity alert. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.