Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 24 Nov 2009 13:06:51 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: fuse: prevent
 fuse_put_request on invalid pointer

Please use CVE-2009-4021

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo@...nel.sg> wrote:

> "fuse_direct_io() has a loop where requests are allocated in each 
> iteration. if allocation fails, the loop is broken out and follows
> into 
> an unconditional fuse_put_request() on that invalid pointer."
> 
> Upstream commit:
> http://git.kernel.org/linus/f60311d5f7670d9539b424e4ed8b5c0872fc9e83
> 
> This can be triggered when the system is low on memory, and when the 
> fuse_request_alloc() function called from fuse_get_req() fails. The 
> fuse_put_request() function will then dereference the invalid pointer
> 
> returned, resulting in a kernel oops.
> 
> This was introduced in 413ef8cb (v2.6.14-rc1) and fixed in
> v2.6.32-rc7.
> 
> https://bugzilla.redhat.com/538734
> 
> Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ