Vigil@nce: Linux kernel, denial of service via GFS2 rename
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can rename a file on GFS2, in order to stop the
system.
– Severity: 1/4
– Creation date: 02/08/2010
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports GFS/GFS2 (Global File System).
When a user renames a file on GFS2, and if the length of the new
file name is the same as the length of the old file name, the
kernel simply replaces the entry in the directory. However, if the
file to rename is located at the first entry of the directory, the
gfs2_dirent_find_space() function of the fs/gfs2/dir.c file does
not find this entry, and a NULL pointer is dereferenced.
A local attacker can therefore rename a file on GFS2, in order to
stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-GFS2-rename-9802