Received: with ECARTIS (v1.0.0; list linux-xfs); Thu, 12 Dec 2002 08:10:39 -0800 (PST) Received: from asterix.spider-net.de (pD952AACE.dip.t-dialin.net [217.82.170.206]) by oss.sgi.com (8.12.5/8.12.5) with SMTP id gBCGAOuR006481 for ; Thu, 12 Dec 2002 08:10:27 -0800 Received: by asterix.spider-net.de (Postfix, from userid 501) id 53F151082; Thu, 12 Dec 2002 17:13:58 +0100 (CET) X-Priority: 2 (High) Priority: urgent Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com [66.38.151.27]) by odin.spider-net.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id UAA30144 for ; Tue, 16 Apr 2002 20:56:38 +0200 Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id 176EAA3199; Tue, 16 Apr 2002 10:52:43 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 8733 invoked from network); 15 Apr 2002 23:30:13 -0000 Content-Type: text/plain; charset="iso-8859-1" Date: Mon, 15 Apr 2002 18:32:38 -0500 X-Mailer: XFMail 1.4.0 on Linux References: <10204151449.ZM268355@einstein.csd.sgi.com> In-Reply-To: <10204151449.ZM268355@einstein.csd.sgi.com> X-DigitalOffense: TRUE MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200204151832.38497.sflist@digitaloffense.net> X-UIDL: af6fa726298b5ea78d5ebc12c9ba9a35 From: H D Moore To: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com Subject: Re: IRIX XFS filesystem denial of service attack X-archive-position: 2062 X-ecartis-version: Ecartis v1.0.0 Sender: linux-xfs-bounce@oss.sgi.com Errors-to: linux-xfs-bounce@oss.sgi.com X-original-sender: sflist@digitaloffense.net Precedence: bulk X-list: linux-xfs Does this vulnerability affect the Linux XFS port? The XFS page has no information about this or whether there is a fix available: http://oss.sgi.com/projects/xfs/ -HD On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote: > > SGI Security Advisory > > Title: IRIX XFS filesystem denial of service attack > Number: 20020402-01-P > Date: April 15, 2002 > Reference: CAN-2002-0042 > ----------------------- > --- Issue Specifics --- > ----------------------- > > It has been reported that there is a vulnerability in IRIX's XFS > filesystem. Under some circumstances, a user can create a file that would > hang any application that would try to access it. This has the potential > to be used to create a Denial of Service attack.