xfs
[Top] [All Lists]

Re: IRIX XFS filesystem denial of service attack

To: agent99@xxxxxxx, linux-xfs@xxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: IRIX XFS filesystem denial of service attack
From: H D Moore <sflist@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Apr 2002 18:32:38 -0500
Delivered-to: gharper@xxxxxxx
Delivered-to: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-to: moderator for bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <10204151449.ZM268355@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <10204151449.ZM268355@xxxxxxxxxxxxxxxxxxxx>
Sender: owner-linux-xfs@xxxxxxxxxxx
Does this vulnerability affect the Linux XFS port? The XFS page has no 
information about this or whether there is a fix available:

http://oss.sgi.com/projects/xfs/

-HD

On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote:
>
>                           SGI Security Advisory
>
>         Title:      IRIX XFS filesystem denial of service attack
>         Number:     20020402-01-P
>         Date:       April 15, 2002
>         Reference:  CAN-2002-0042
> -----------------------
> --- Issue Specifics ---
> -----------------------
>
> It has been reported that there is a vulnerability in IRIX's XFS
> filesystem. Under some circumstances, a user can create a file that would
> hang any application that would try to access it.  This has the potential
> to be used to create a Denial of Service attack.


<Prev in Thread] Current Thread [Next in Thread>