linux, säkerhet

8298019 2002-04-15 18:32 -0500  /29 rader/ H D Moore <sflist@digitaloffense.net>
Sänt av: joel@lysator.liu.se
Importerad: 2002-04-17  00:19  av Brevbäraren
Extern mottagare: agent99@sgi.com
Extern mottagare: linux-xfs@oss.sgi.com
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <21857>
Kommentar till text 8291807 av SGI Security Coordinator <agent99@sgi.com>
Ärende: Re: IRIX XFS filesystem denial of service attack
------------------------------------------------------------
From: H D Moore <sflist@digitaloffense.net>
To: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com
Message-ID: <200204151832.38497.sflist@digitaloffense.net>

Does this vulnerability affect the Linux XFS port? The XFS page has no 
information about this or whether there is a fix available:

http://oss.sgi.com/projects/xfs/

-HD

On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote:
>
>                           SGI Security Advisory
>
>         Title:      IRIX XFS filesystem denial of service attack
>         Number:     20020402-01-P
>         Date:       April 15, 2002
>         Reference:  CAN-2002-0042
> -----------------------
> --- Issue Specifics ---
> -----------------------
>
> It has been reported that there is a vulnerability in IRIX's XFS
> filesystem. Under some circumstances, a user can create a file that would
> hang any application that would try to access it.  This has the potential
> to be used to create a Denial of Service attack.
(8298019) /H D Moore <sflist@digitaloffense.net>/---
Kommentar i text 8298428 av Eric Sandeen <sandeen@sgi.com>
8298428 2002-04-16 16:40 -0500  /25 rader/ Eric Sandeen <sandeen@sgi.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-04-17  01:52  av Brevbäraren
Extern mottagare: H D Moore <sflist@digitaloffense.net>
Extern kopiemottagare: agent99@sgi.com
Extern kopiemottagare: linux-xfs@oss.sgi.com
Extern kopiemottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <21868>
Kommentar till text 8298019 av H D Moore <sflist@digitaloffense.net>
Ärende: Re: IRIX XFS filesystem denial of service attack
------------------------------------------------------------
From: Eric Sandeen <sandeen@sgi.com>
To: H D Moore <sflist@digitaloffense.net>
Cc: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com
Message-ID: <1018993200.8789.377.camel@stout.americas.sgi.com>

hi HD - 

I don't believe that Linux is affected.  I've been told that the
Linux I/O path was written specifically to avoid this problem, and I
have run some test cases from our original bug report, and did not
see the described behavior.  I'll look a bit more and reply when I
know for sure.

-Eric

On Mon, 2002-04-15 at 18:32, H D Moore wrote:
> Does this vulnerability affect the Linux XFS port? The XFS page has no 
> information about this or whether there is a fix available:


-- 
Eric Sandeen      XFS for Linux     http://oss.sgi.com/projects/xfs
sandeen@sgi.com   SGI, Inc.
(8298428) /Eric Sandeen <sandeen@sgi.com>/(Ombruten)