Vigil@nce - Linux kernel: JFS xattr access bypass
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can access extended attributes without the necessary permissions by using the os2 namespace.
Severity: 1/4
Creation date: 24/08/2010
DESCRIPTION OF THE VULNERABILITY
The JFS filesystem handles extended attributes (xattr). They are sorted by namespace and accessible via their full name of the form "namespace.attributename". Five namespaces are defined: user, trusted, system, security and os2. Access to attributes is regulated.
Historically, attributes of the os2 namespace are stored without a prefix. For example, the attribute "os2.attrname" is accessed by the driver as "attrname". However, if a full valid name is prefixed by the os2 namespace, for example "os2.system.attrname", the attribute "system.attrname" is accessed, bypassing the access restrictions on the "system.attrname" attribute.
An attacker can therefore access extended attributes without the necessary permissions by using the os2 namespace.
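The name mapping described above can be modelled in user space to show where the namespaces collide and what a check against it looks like. This is an added example, not kernel code and not part of the Vigil@nce bulletin: the function names are hypothetical, the sample names are constructed, and rejecting an os2 name whose remainder falls in another namespace is one possible hardening, assumed here for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OS2_PREFIX "os2."

/* The four namespaces, besides os2, that the bulletin lists. */
static const char *const regulated[] = { "user.", "trusted.", "system.", "security." };

/* Return 1 if name begins with one of the regulated namespace prefixes. */
static int is_known_namespace(const char *name)
{
    for (size_t i = 0; i < sizeof regulated / sizeof regulated[0]; i++)
        if (strncmp(name, regulated[i], strlen(regulated[i])) == 0)
            return 1;
    return 0;
}

/* Legacy mapping: os2 attributes are stored without their prefix, so the
 * prefix is stripped and whatever follows becomes the stored name. */
static const char *stored_name_legacy(const char *name)
{
    if (strncmp(name, OS2_PREFIX, strlen(OS2_PREFIX)) == 0)
        return name + strlen(OS2_PREFIX);
    return name;
}

/* Hardened mapping (assumed fix): refuse an os2 name whose remainder is
 * itself a full name in a regulated namespace. Returns NULL on rejection. */
static const char *stored_name_checked(const char *name)
{
    const char *stored = stored_name_legacy(name);
    if (stored != name && is_known_namespace(stored))
        return NULL;
    return stored;
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "os2.attrname", "os2.system.attrname", "user.attrname" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *checked = stored_name_checked(samples[i]);
        printf("%-22s legacy=%-16s checked=%s\n", samples[i],
               stored_name_legacy(samples[i]), checked ? checked : "(rejected)");
    }
    return 0;
}
```
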