Bug 608576 (CVE-2010-1641) - VUL-1: CVE-2010-1641: kernel: GFS2: The setflags ioctl() doesn't check file ownership
Summary: VUL-1: CVE-2010-1641: kernel: GFS2: The setflags ioctl() doesn't check file o...
Status: RESOLVED FIXED
Alias: CVE-2010-1641
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Deadline: 2010-06-08
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:11.1:34444 maint:relea...
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-25 09:55 UTC by Thomas Biege
Modified: 2018-07-03 20:30 UTC (History)
4 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2010-05-25 09:55:15 UTC 
Hi.
There is a security bug in package 'kernel'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

More information can be found here:
	https://bugzilla.redhat.com/show_bug.cgi?id=595579


Original posting:



----------  Forwarded Message  ----------

Subject: [oss-security] CVE request - kernel: GFS2: The setflags ioctl() 
doesn't check file ownership
Date: Dienstag 25 Mai 2010, 06:56:57
From: Eugene Teo <eugeneteo@kernel.sg>
An:  oss-security@lists.openwall.com
Kopie:  "Steven M. Christey" <coley@linus.mitre.org>

Besides checking the write permissions, the setflags ioctl should also 
be checking for the ownership of the file. It's a minor issue but the 
behaviour is unexpected.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=595579
http://www.linux-archive.org/cluster-development/375481-gfs2-fix-permissions-
checking-setflags-ioctl.html

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

-----------------------------------------
Comment 1 Thomas Biege 2010-05-26 07:25:52 UTC 
CVE-2010-1641
Comment 3 Thomas Biege 2010-06-17 14:01:20 UTC 
CVE-2010-1641: CVSS v2 Base Score: 4.6 (MEDIUM) (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVE-2010-1641: Permissions, Privileges, and Access Control (CWE-264)
Comment 4 Jeff Mahoney 2010-06-24 17:48:24 UTC 
Committed to SLE11, 11.2, SLE11 SP1, and 11.3.

SLE11 SP1 is actually unaffected by this issue since we prohibit write access using it. I've included it for completeness. I presume that SLERT 11 is also unaffected as a result.

I don't see gfs2 getting a whole lot of use on Moblin or Meego. ;)
Comment 5 Mike Galbraith 2010-06-26 05:55:18 UTC 
Applied to SLERT11.
Comment 6 Swamp Workflow Management 2010-07-19 14:13:19 UTC 
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-docs, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-ps3, kernel-ps3-debuginfo, kernel-ps3-debugsource, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-extra, kernel-vanilla, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra
Products:
openSUSE 11.1 (debug, i586, ppc, x86_64)
Comment 7 Swamp Workflow Management 2010-07-20 14:08:41 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 8 Swamp Workflow Management 2010-07-20 14:10:13 UTC 
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 9 Swamp Workflow Management 2010-07-20 14:11:16 UTC 
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 10 Swamp Workflow Management 2010-07-20 14:12:52 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-vmi, ext4dev-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-vmi, kernel-vmi-base, kernel-vmi-debuginfo, kernel-vmi-debugsource, kernel-vmi-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra
Products:
SLE-DEBUGINFO 11 (i386)
SLE-DESKTOP 11 (i386)
SLE-HAE 11 (i386)
SLE-SERVER 11 (i386)
Comment 11 Swamp Workflow Management 2010-07-20 14:14:23 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 12 Swamp Workflow Management 2010-07-20 14:15:18 UTC 
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, ext4dev-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 11 (ppc64)
SLE-HAE 11 (ppc64)
SLE-SERVER 11 (ppc64)
Comment 13 Swamp Workflow Management 2010-07-20 14:16:28 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra
Products:
SLE-DEBUGINFO 11 (x86_64)
SLE-DESKTOP 11 (x86_64)
SLE-HAE 11 (x86_64)
SLE-SERVER 11 (x86_64)
Comment 14 Swamp Workflow Management 2010-07-20 14:17:36 UTC 
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 11 (s390x)
SLE-HAE 11 (s390x)
SLE-SERVER 11 (s390x)
Comment 15 Swamp Workflow Management 2010-07-20 14:18:37 UTC 
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 11 (ia64)
SLE-HAE 11 (ia64)
SLE-SERVER 11 (ia64)
Comment 16 Swamp Workflow Management 2010-07-20 14:19:59 UTC 
Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 17 Marcus Meissner 2010-07-20 15:40:36 UTC 
A kernel update for SUSE Linux Enterprise 11 GA was just released that mentions/fixes this bug. The released version is 2.6.27.48-0.1.1.
Comment 18 Marcus Meissner 2010-08-02 11:53:51 UTC 
A kernel update for SUSE Linux Enterprise 11 SP1 was just released that
mentions/fixes this bug. The released version is 2.6.32.13-0.5.1.
Comment 19 Swamp Workflow Management 2010-08-02 14:09:51 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 20 Swamp Workflow Management 2010-08-02 14:11:08 UTC 
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra
Products:
SLE-DEBUGINFO 11-SP1 (ia64)
SLE-HAE 11-SP1 (ia64)
SLE-SERVER 11-SP1 (ia64)
Comment 21 Swamp Workflow Management 2010-08-02 14:12:17 UTC 
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 22 Swamp Workflow Management 2010-08-02 14:13:58 UTC 
Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 23 Swamp Workflow Management 2010-08-02 14:15:03 UTC 
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 24 Swamp Workflow Management 2010-08-02 14:17:19 UTC 
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-desktop-devel, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-extra
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-DESKTOP 11-SP1 (i386)
SLE-HAE 11-SP1 (i386)
SLE-SERVER 11-SP1 (i386)
Comment 25 Swamp Workflow Management 2010-08-02 14:18:36 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 26 Swamp Workflow Management 2010-08-02 14:19:42 UTC 
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-HAE 11-SP1 (s390x)
SLE-SERVER 11-SP1 (s390x)
Comment 27 Swamp Workflow Management 2010-08-02 14:21:07 UTC 
Update released for: btrfs-kmp-default, btrfs-kmp-ppc64, cluster-network-kmp-default, cluster-network-kmp-ppc64, ext4dev-kmp-default, ext4dev-kmp-ppc64, gfs2-kmp-default, gfs2-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra
Products:
SLE-DEBUGINFO 11-SP1 (ppc64)
SLE-HAE 11-SP1 (ppc64)
SLE-SERVER 11-SP1 (ppc64)
Comment 28 Swamp Workflow Management 2010-08-02 14:22:32 UTC 
Update released for: btrfs-kmp-default, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-xen, hyper-v-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-DESKTOP 11-SP1 (x86_64)
SLE-HAE 11-SP1 (x86_64)
SLE-SERVER 11-SP1 (x86_64)
Comment 29 Thomas Biege 2010-08-09 07:55:23 UTC 
mass change P5->P3
Comment 30 Swamp Workflow Management 2010-09-23 13:09:47 UTC 
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop
Products:
openSUSE 11.2 (debug, i586, x86_64)
Comment 31 Marcus Meissner 2010-09-27 09:29:57 UTC 
all necessary kernels released
Comment 32 Bernhard Wiedemann 2016-04-15 11:47:15 UTC 
This is an autogenerated message for OBS integration:
This bug (608576) was mentioned in
https://build.opensuse.org/request/show/42266 Factory / kernel-source
https://build.opensuse.org/request/show/42378 11.3:Test / kernel-source