8298019 2002-04-15 18:32 -0500 /29 rader/ H D Moore <sflist@digitaloffense.net> Sänt av: joel@lysator.liu.se Importerad: 2002-04-17 00:19 av Brevbäraren Extern mottagare: agent99@sgi.com Extern mottagare: linux-xfs@oss.sgi.com Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <21857> Kommentar till text 8291807 av SGI Security Coordinator <agent99@sgi.com> Ärende: Re: IRIX XFS filesystem denial of service attack ------------------------------------------------------------ From: H D Moore <sflist@digitaloffense.net> To: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com Message-ID: <200204151832.38497.sflist@digitaloffense.net> Does this vulnerability affect the Linux XFS port? The XFS page has no information about this or whether there is a fix available: http://oss.sgi.com/projects/xfs/ -HD On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote: > > SGI Security Advisory > > Title: IRIX XFS filesystem denial of service attack > Number: 20020402-01-P > Date: April 15, 2002 > Reference: CAN-2002-0042 > ----------------------- > --- Issue Specifics --- > ----------------------- > > It has been reported that there is a vulnerability in IRIX's XFS > filesystem. Under some circumstances, a user can create a file that would > hang any application that would try to access it. This has the potential > to be used to create a Denial of Service attack. (8298019) /H D Moore <sflist@digitaloffense.net>/--- Kommentar i text 8298428 av Eric Sandeen <sandeen@sgi.com> 8298428 2002-04-16 16:40 -0500 /25 rader/ Eric Sandeen <sandeen@sgi.com> Sänt av: joel@lysator.liu.se Importerad: 2002-04-17 01:52 av Brevbäraren Extern mottagare: H D Moore <sflist@digitaloffense.net> Extern kopiemottagare: agent99@sgi.com Extern kopiemottagare: linux-xfs@oss.sgi.com Extern kopiemottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <21868> Kommentar till text 8298019 av H D Moore <sflist@digitaloffense.net> Ärende: Re: IRIX XFS filesystem denial of service attack ------------------------------------------------------------ From: Eric Sandeen <sandeen@sgi.com> To: H D Moore <sflist@digitaloffense.net> Cc: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com Message-ID: <1018993200.8789.377.camel@stout.americas.sgi.com> hi HD - I don't believe that Linux is affected. I've been told that the Linux I/O path was written specifically to avoid this problem, and I have run some test cases from our original bug report, and did not see the described behavior. I'll look a bit more and reply when I know for sure. -Eric On Mon, 2002-04-15 at 18:32, H D Moore wrote: > Does this vulnerability affect the Linux XFS port? The XFS page has no > information about this or whether there is a fix available: -- Eric Sandeen XFS for Linux http://oss.sgi.com/projects/xfs sandeen@sgi.com SGI, Inc. (8298428) /Eric Sandeen <sandeen@sgi.com>/(Ombruten)