Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Tue, 11 Nov 2008 13:32:29 -0800
From: Greg KH <greg@...ah.com>
To: Eugene Teo <eteo@...hat.com>
Cc: oss-security@...ts.openwall.com,
	"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests: kernel: hfsplus-related bugs

On Mon, Nov 10, 2008 at 01:27:42PM +0800, Eugene Teo wrote:
> Eugene Teo wrote:
> > These were committed in upstream kernel. Reported by Eric Sesterhenn.
> > 
> > 1) hfsplus: fix Buffer overflow with a corrupted image
> > Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
> > 
> > When an hfsplus image gets corrupted it might happen that the catalog
> > namelength field gets b0rked.  If we mount such an image the memcpy() in
> > hfsplus_cat_build_key_uni() writes more than the 255 that fit in the
> > name field.  Depending on the size of the overwritten data, we either
> > only get memory corruption or also trigger an oops.
> 
> There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
> will need a CVE name for this too.
> 
> Greg, I don't recall seeing this in -stable kernel. FYI.

Thanks, I've now added it.

greg k-h

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ