The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability note CVE-2006-0554

Linux kernel: information disclosure on XFS via ftruncate

Synthesis of the vulnerability

A local attacker can obtain sensitive information located on XFS.
Severity of this threat: 1/4.
Creation date: 02/03/2006.
References for this weakness: BID-16921, CERTA-2002-AVI-035, CVE-2006-0554, DSA-1103-1, MDKSA-2006:059, MDKSA-2006:150, SGI bug 942658, SUSE-SA:2006:028, VIGILANCE-VUL-5666.

Description of the vulnerability

The ftruncate() function truncates or extends the size of a file.

On an XFS filesystem, this function sometimes extends the size of the file incorrectly. Data located at the end of the file may thus contain sensitive information.

This vulnerability therefore permits a local attacker to obtain information.
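
ftruncate() is specified to make the bytes added by an extension read as zeros, which is the guarantee this bug breaks. The C check below is an added example, not part of the Vigil@nce bulletin or the kernel sources: it verifies that guarantee on the filesystem holding a given directory, for instance after installing a corrected kernel. The function name, temporary file name and sizes are assumptions, and a pass does not show that every trigger condition of the XFS bug was exercised.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example (names and sizes are assumptions, not from the bulletin).
 * Returns the count of non-zero bytes in the range a growing ftruncate()
 * adds, 0 if it was zero-filled as required, or -1 on an I/O error. */
long count_nonzero_after_extend(const char *dir, size_t old_len, size_t new_len)
{
    char path[4096];
    unsigned char buf[4096];
    long nonzero = 0;
    off_t pos = (off_t)old_len;

    snprintf(path, sizeof path, "%s/ftrunc_check_XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);  /* the file is released when fd is closed */

    /* Write a marker pattern and flush it, so blocks past the new end of
     * file hold known non-zero data before the file is shrunk. */
    memset(buf, 0xA5, sizeof buf);
    for (size_t done = 0; done < new_len; done += sizeof buf)
        if (write(fd, buf, sizeof buf) != (ssize_t)sizeof buf) goto fail;
    if (fsync(fd) != 0) goto fail;
    /* Shrink, then grow: [old_len, new_len) must now read as zeros. */
    if (ftruncate(fd, (off_t)old_len) != 0) goto fail;
    if (ftruncate(fd, (off_t)new_len) != 0) goto fail;
    while ((size_t)pos < new_len) {
        size_t want = new_len - (size_t)pos;
        if (want > sizeof buf) want = sizeof buf;
        ssize_t got = pread(fd, buf, want, pos);
        if (got <= 0) goto fail;
        for (ssize_t i = 0; i < got; i++) nonzero += (buf[i] != 0);
        pos += got;
    }
    close(fd);
    return nonzero;
fail:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    long n = count_nonzero_after_extend(argc > 1 ? argv[1] : "/tmp", 1000, 65536);
    printf("non-zero bytes in extended region: %ld\n", n);
    return n == 0 ? 0 : 1;
}
```

Pass a directory on the XFS mount as the first argument; the exit status is 0 only when the whole extended range read back as zeros.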

This computer vulnerability announcement impacts software or systems such as Debian, Linux, Mandriva Linux, Mandriva NF, openSUSE.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is low.

The trust level is "confirmed by the editor", and the origin is "user shell".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Linux kernel: version 2.6.15.5.
Version 2.6.15.5 is corrected:
  http://www.kernel.org/

Linux kernel: version 2.6.16.
Version 2.6.16 is corrected:
  http://www.kernel.org/

Debian: new kernel 2.6 packages.
New packages are available:

Mandriva Corporate, MNF: new kernel packages.
New packages are available:

Mandriva: new kernel packages.
New packages are available:

SUSE: new kernel packages.
New packages are available:
  SUSE LINUX 10.0: kernel 2.6.13-15.10
  SUSE LINUX 9.3: kernel 2.6.11.4-21.12
  SUSE LINUX 9.2: kernel 2.6.8-24.21
  SUSE LINUX 9.1: kernel 2.6.5-7.257