You are here

CVE-2010-0727

Vincent (CVE) Danen's picture
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.

Details Source

Mitre

Statement

Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0727.

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG, as it did not include support for the GFS and GFS2 file systems.

For the GFS issue, it was addressed in Red Hat Enterprise Linux 3 in the gfs package, 4 in the GFS-kernel package, and 5 in the gfs-kmod package, via https://rhn.redhat.com/errata/RHSA-2010-9493.html, https://rhn.redhat.com/errata/RHSA-2010-9494.html, https://rhn.redhat.com/errata/RHSA-2010-0291.html respectively.

For the GFS2 issue, it was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html.

Public Date

2010-03-11 00:00:00

Impact

Moderate

Bugzilla

CVE-2010-0727 kernel: bug in GFS/GFS2 locking code leads to dos

Bugzilla ID

570 863

CVSS Status

verified

Base Score

4.90

Base Metrics

AV:L/AC:L/Au:N/C:N/I:N/A:C

Red Hat Security Errata

Platform Errata Release Date
RHEL Cluster-Storage (v. 5.4.Z server) (gfs-kmod) RHSA-2010:0521 2010-07-08
Red Hat Global File System 3AS (GFS) RHSA-2010:0330 2010-03-30
Red Hat Enterprise Linux Cluster-Storage (v. 5 server) (gfs-kmod) RHSA-2010:0291 2010-03-29
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0178 2010-03-29
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) RHSA-2010:0380 2010-04-27
Red Hat Global File System 4AS (GFS-kernel) RHSA-2010:0331 2010-03-30