Bug 50463 (CVE-2004-0133)

Summary: VUL-0: CVE-2004-0133: kernel: xfs filesystem infoleak
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: aj, ihno, mfrueh, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0133: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Biege 2004-03-08 23:59:14 UTC
Hi Hubert, 
we have an information leakage in XFS too. 
 
Date: Fri,  5 Mar 2004 15:40:30 -0500 (EST) 
From: Mike O'Connor <mjo@dojo.mi.org> 
To: vendor-sec List <vendor-sec@lst.de> 
Subject: Re: [vendor-sec] Linux ext3fs infoleak -- HITS XFS AS WELL 
 
: 
:I believe I'm seeing a similar leakage with XFS.  I'm chasing this 
:down with our XFS folks... 
: 
 
Chris Wright had said that he didn't see XFS problems.  But after some 
private emails, we both learned more about the memory patterns associated 
with slab poisoning, and found that XFS was indeed being a bad boy and 
not zero-ing out memory when it wrote log buffers.  :)  Internally, this 
is SGI bug 1060387.  You'll want the fix below: 
 
 
--- /usr/tmp/TmpDir.14586-0/fs/xfs/xfs_log.c_1.289      2004-03-04 
16:11:07.000000000 -0600 
+++ fs/xfs/xfs_log.c    2004-03-04 16:10:28.000000000 -0600 
@@ -1227,7 +1227,7 @@ 
                          kmem_zalloc(sizeof(xlog_in_core_t), 
KM_SLEEP); 
                iclog = *iclogp; 
                iclog->hic_data = (xlog_in_core_2_t *) 
-                         kmem_alloc(iclogsize, KM_SLEEP); 
+                         kmem_zalloc(iclogsize, KM_SLEEP); 
 
                iclog->ic_prev = prev_iclog; 
                prev_iclog = iclog; 
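Review bot: the kmem_zalloc(iclogsize, KM_SLEEP) call for iclog->hic_data needs a comment saying the zeroing is required because the buffer contents are written out to the log. Without one, nothing at the call site stops a later cleanup from switching it back to kmem_alloc() as an optimisation, especially since the mail says the changelog entry will be innocuous. The zeroing also happens only once, at allocation, so it is worth confirming that nothing but log data is ever placed in the buffer afterwards. Separately, the mailer has wrapped the --- header line and the first context line (the kmem_zalloc(sizeof(xlog_in_core_t), KM_SLEEP) call), so the hunk will not apply as posted and should be resent unwrapped or as an attachment.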
 
 
Eric Sandeen/Nathan Scott will be getting this into public XFS source, 
2.4, 2.6, etc. with an innocuous changelog entry.  This should make the 
upcoming 2.4.26, and the vendors' kernels that have XFS in them. 
 
Thanks to Chris for much-needed sanity checking and Solar Designer for 
flagging this in the first place. 
 
 
-- 
 Mail: mjo@dojo.mi.org  WWW: http://dojo.mi.org/~mjo/  Phone: +1 248 427 4481 
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= 
"I love it when a plan comes together."                           -"Hannibal" 
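The failure mode described in the forwarded mail above, as an added user-space model that is not part of the original report or of the XFS source: a log buffer that is allocated without zeroing and then written out in full carries the allocator's fill pattern to disk. The helper names, `ICLOG_SIZE`, the sample record and the use of 0x5a (the byte Linux slab debugging writes into newly allocated objects) are assumptions of this example, not values from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POISON_INUSE 0x5a  /* Linux slab-debug fill for allocated, uninitialised objects */
#define ICLOG_SIZE   512   /* constructed buffer size for this model */
static const char REC[] = "constructed log record";  /* sample payload */

/* Model of kmem_alloc() (zero=0) and kmem_zalloc() (zero=1) with slab poisoning on. */
static unsigned char *model_alloc(size_t size, int zero)
{
    unsigned char *p = malloc(size);
    if (p)
        memset(p, zero ? 0 : POISON_INUSE, size);
    return p;
}

/* Longest run of poison bytes after the record: the on-disk signature of the leak. */
static size_t poison_run_after_record(const unsigned char *disk)
{
    size_t i, run = 0, best = 0;
    for (i = sizeof(REC); i < ICLOG_SIZE; i++) {
        run = (disk[i] == POISON_INUSE) ? run + 1 : 0;
        if (run > best)
            best = run;
    }
    return best;
}

/* Put one record in a fresh log buffer, write the whole buffer out, scan the result. */
size_t scan_written_buffer(int zero)
{
    unsigned char disk[ICLOG_SIZE];
    unsigned char *buf = model_alloc(ICLOG_SIZE, zero);
    if (!buf)
        return (size_t)-1;
    memcpy(buf, REC, sizeof(REC));
    memcpy(disk, buf, ICLOG_SIZE);  /* the full buffer goes out, not just the record */
    free(buf);
    return poison_run_after_record(disk);
}

int main(void)
{
    printf("kmem_alloc model:  %zu poison bytes written\n", scan_written_buffer(0));
    printf("kmem_zalloc model: %zu poison bytes written\n", scan_written_buffer(1));
    return 0;
}
```

On a kernel without slab poisoning the same bytes would hold whatever the previous owner of the memory left there, which is the information leak; the poison pattern only makes it visible.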
Comment 1 Thomas Biege 2004-03-08 23:59:14 UTC
Comment 2 Thomas Biege 2004-03-09 20:31:22 UTC
CAN-2004-0133 
Comment 3 Hubert Mantel 2004-03-11 21:54:07 UTC
Kernels are waiting for check in.
Comment 4 Thomas Biege 2004-03-24 00:59:52 UTC
packages released. 
Comment 5 Thomas Biege 2009-10-13 20:17:29 UTC
CVE-2004-0133: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)