Vigil@nce: Linux kernel, denial of service via GFS
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can lock a file on a GFS system, in order to stop
the kernel.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/03/2010
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports GFS (Global File System).
A file can be locked with two modes:
– advisory locking : the process manages parallel accesses,
before each read()/write()
– mandatory locking : the system manages parallel accesses, by
checking the bit Sgid without the bit GroupExecute during each
read()/write()
A local attacker can lock a GFS file with an "advisory locking",
and then change the file mode to simulate a "mandatory locking".
When the file is locked, the kernel does not manage this special
case, and calls the BUG() macro.
A local attacker can therefore lock a file on a GFS system, in
order to stop the kernel.
CHARACTERISTICS
Identifiers: 570863, CVE-2010-0727, VIGILANCE-VUL-9513
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-GFS-9513