CVE-2010-0727
Priority
Medium
Description
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312,
and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux
(RHEL) 5 and 6, does not properly remove POSIX locks on files that are
setgid without group-execute permission, which allows local users to cause
a denial of service (BUG and system crash) by locking a file on a (1) GFS
or (2) GFS2 filesystem, and then changing this file's permissions.
and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux
(RHEL) 5 and 6, does not properly remove POSIX locks on files that are
setgid without group-execute permission, which allows local users to cause
a denial of service (BUG and system crash) by locking a file on a (1) GFS
or (2) GFS2 filesystem, and then changing this file's permissions.
References
Package
| Upstream: | needed |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
Package
| Upstream: | needed |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.6.24-28.70) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-22.35) |
Patches:
| Upstream: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=720e7749279bde0d08684b1bb4e7a2eedeec6394 |