Vigil@nce - Linux kernel : file modification via ext4 MOVE_EXT
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On an ext4 filesystem, a local attacker can use the MOVE_EXT
ioctl to alter a file that has the AppendOnly or Immutable
attribute.
Severity : 1/4
Creation date : 07/06/2010
DESCRIPTION OF THE VULNERABILITY
The ext4 file system supports various extended attributes :
– Immutable : the file cannot be changed
– AppendOnly : it is only possible to write at the end of the file
The MOVE_EXT ioctl is used to move an ext4 extent. However, the
mext_check_arguments() function in the fs/ext4/move_extent.c file
does not forbid moving an extent of an AppendOnly or Immutable
file.
On an ext4 filesystem, a local attacker can therefore use the
MOVE_EXT ioctl to alter a file that has the AppendOnly or
Immutable attribute.
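The following C program is an added example, not code from the bulletin or from the kernel. It models in user space the attribute check described above as missing, and lists the files given on the command line that rely on these attributes. The helper names and the choice to test both files involved in a move are assumptions of the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h> /* FS_IOC_GETFLAGS, FS_IMMUTABLE_FL, FS_APPEND_FL */

/* The two attributes the bulletin says MOVE_EXT failed to honour. */
#define PROTECTED_FL (FS_IMMUTABLE_FL | FS_APPEND_FL)

/* Hypothetical helper (user-space model, not kernel code): refuse an extent
 * move when either file involved is Immutable or AppendOnly. */
int move_ext_flags_check(unsigned int orig_flags, unsigned int donor_flags)
{
    if ((orig_flags | donor_flags) & PROTECTED_FL)
        return -EPERM;
    return 0;
}

/* Read a file's inode flags (what lsattr shows). 0 on success, -errno on error. */
int read_inode_flags(const char *path, unsigned int *flags)
{
    int attr = 0; /* the kernel fills an int for this ioctl */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -errno;
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0 ? -errno : 0;
    close(fd);
    if (rc == 0)
        *flags = (unsigned int)attr;
    return rc;
}

/* Audit: list the given paths whose integrity relies on these attributes. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        unsigned int fl = 0;
        int rc = read_inode_flags(argv[i], &fl);
        if (rc != 0) {
            fprintf(stderr, "%s: cannot read flags (errno %d)\n", argv[i], -rc);
            continue;
        }
        if (fl & PROTECTED_FL)
            printf("%s: %s%srelies on attribute protection\n", argv[i],
                   (fl & FS_IMMUTABLE_FL) ? "Immutable " : "",
                   (fl & FS_APPEND_FL) ? "AppendOnly " : "");
    }
    return 0;
}
```

On a kernel affected by this bulletin, the files this audit prints on an ext4 filesystem are the ones whose contents should be verified by other means, such as a stored checksum.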
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-file-modification-via-ext4-MOVE-EXT-9687