Re: IRIX XFS filesystem denial of service attack

From: H D Moore (sflist@digitaloffense.net)
Date: 04/16/02


From: H D Moore <sflist@digitaloffense.net>
To: agent99@sgi.com, linux-xfs@oss.sgi.com, bugtraq@securityfocus.com
Date: Mon, 15 Apr 2002 18:32:38 -0500

Does this vulnerability affect the Linux XFS port? The XFS page has no
information about this or whether there is a fix available:

http://oss.sgi.com/projects/xfs/

-HD

On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote:
>
> SGI Security Advisory
>
> Title: IRIX XFS filesystem denial of service attack
> Number: 20020402-01-P
> Date: April 15, 2002
> Reference: CAN-2002-0042
> -----------------------
> --- Issue Specifics ---
> -----------------------
>
> It has been reported that there is a vulnerability in IRIX's XFS
> filesystem. Under some circumstances, a user can create a file that would
> hang any application that would try to access it. This has the potential
> to be used to create a Denial of Service attack.