Bug 84581 (CVE-2005-0757)

Summary: VUL-0: CVE-2005-0757: kernel ext3 xattr crash
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Andreas Gruenbacher <agruen>
Status: RESOLVED WORKSFORME
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-0757: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Ludwig Nussel 2005-05-19 09:29:39 UTC
We received the following report via security@suse.de.
The issue is public.

Just for completeness, so we have the CAN# in bugzilla. IIRC we fixed that a long time ago, right?

Date: Thu, 19 May 2005 10:43:41 +0200 (MEST)
From: win-sec-ssc@dfn-cert.de
To: win-sec-ssc@dfn-cert.de
Cc: 
Subject: [security@suse.de] [RedHat] Vulnerability in the Linux kernel -
	RHSA-2005:294-01

-----BEGIN PGP SIGNED MESSAGE-----

Dear colleagues,

We have just received the following RedHat Security Advisory. We are
passing this information on to you unchanged.

CAN-2005-0757 - Denial of service due to a flaw in the handling of
extended file attributes

  A local attacker can use a flaw in the handling of extended file
  attributes in the ext3 file system to crash a vulnerable system. To
  do so, the attacker needs access, on a 64-bit system, to an ext3
  partition with extended file attributes enabled.

The following software packages and platforms are affected:

  Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x,
  x86_64
  Red Hat Desktop version 3 - i386, x86_64
  Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
  Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

The vendor is providing updated packages.

(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with attribution
to the originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.

Kind regards,

	Marco Thorbruegge, DFN-CERT

- -- 
Marco Thorbruegge (CSIRT), DFN-CERT Services GmbH
Web: https://www.dfn-cert.de/, Phone: +49-40-808077-555
PGP RSA/2048, AE662425, 7E5C A77A F91D 63D1 02AB 9526 53FF F1A0

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages available for Red Hat Enterprise Linux 3 Update 5
Advisory ID:       RHSA-2005:294-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-294.html
Issue date:        2005-05-18
Updated on:        2005-05-18
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2005:293
CVE Names:         CAN-2005-0757
- - ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 3.  This is the
fifth regular update.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the fifth regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

  - support for 2-TB partitions on block devices
  - support for new disk, network, and USB devices
  - support for clustered APIC mode on AMD64 NUMA systems
  - netdump support on AMD64, Intel EM64T, Itanium, and ppc64 systems
  - diskdump support on sym53c8xx and SATA piix/promise adapters
  - NMI switch support on AMD64 and Intel EM64T systems

There were many bug fixes in various parts of the kernel.  The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 3.

Some key areas affected by these fixes include the kernel's networking,
SATA, TTY, and USB subsystems, as well as the architecture-dependent
handling under the ia64, ppc64, and x86_64 directories.  Scalability
improvements were made primarily in the memory management and file
system areas.

A flaw in offset handling in the xattr file system code backported to
Red Hat Enterprise Linux 3 was fixed.  On 64-bit systems, a user who
can access an ext3 extended-attribute-enabled file system could cause
a denial of service (system crash).  This issue is rated as having a
moderate security impact (CAN-2005-0757).

...
Comment 1 Andreas Gruenbacher 2005-05-19 09:38:13 UTC
As far as I know, we never had this bug in a product. The RedHat people used an
old version of the patches; their own fault.
Comment 2 Thomas Biege 2009-10-13 21:24:21 UTC
CVE-2005-0757: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)