Vigil@nce - Linux kernel: privilege escalation via XFS Attribute
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can manipulate XFS attributes on the Linux
kernel, in order to trigger a denial of service or to escalate his
privileges.
Impacted products: Linux, RHEL, Ubuntu
Severity: 2/4
Creation date: 17/03/2015
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports XFS file systems.
However, when an XFS attribute is changed, the size of the change
is too large, which can alter another attribute.
A local attacker can therefore manipulate XFS attributes on the
Linux kernel, in order to trigger a denial of service or to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-XFS-Attribute-16397