Date: Fri, 04 Dec 2009 12:49:46 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-4020 kernel: hfs buffer overflow
"A specially-crafted Hierarchical File System (HFS) filesystem could
cause a buffer overflow to occur in a process's kernel stack during a
memcpy() call within the hfs_bnode_read() function (at
fs/hfs/bnode.c:24). The attacker can provide the source buffer and
length, and the destination buffer is a local variable of a fixed
length. This local variable (passed as "&entry" from fs/hfs/dir.c:112
and allocated on line 60) is stored in the stack frame of
hfs_bnode_read()'s caller, which is hfs_readdir(). Because the
hfs_readdir() function executes upon any attempt to read a directory on
the filesystem, it gets called whenever a user attempts to inspect any
filesystem contents."
http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2
https://bugzilla.redhat.com/CVE-2009-4020
This has been assigned CVE-2009-4020.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
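
Added example, not part of the original post and not the kernel's code or the upstream fix: a userspace C model of the pattern the advisory describes, where a length taken from the filesystem image drives a memcpy() into a fixed-size local, with the copy guarded against both the destination size and the source node bounds. `struct cat_entry`, `NODE_SIZE`, `read_entry_checked` and `demo` are hypothetical names, and the node contents are constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NODE_SIZE 512   /* assumed size of one on-disk node */

/* Hypothetical fixed-size record, standing in for the caller's local "entry". */
struct cat_entry { uint8_t type; uint8_t body[69]; };

/* Unchecked pattern from the advisory, shown only as a comment:
 *     memcpy(&entry, node + off, len);   // off and len come from the image */

/* Copy a record out of an untrusted node image, validating both ends first.
 * Returns 0 on success, -EIO if the image describes an impossible record. */
int read_entry_checked(const uint8_t *node, size_t node_len,
                       size_t off, size_t len, struct cat_entry *out)
{
    if (len == 0 || len > sizeof(*out))          /* destination bound */
        return -EIO;
    if (off > node_len || len > node_len - off)  /* source bound, no wraparound */
        return -EIO;
    memset(out, 0, sizeof(*out));  /* short records leave no stale stack bytes */
    memcpy(out, node + off, len);
    return 0;
}

/* Constructed sample: one node, one read, canary placed after the entry. */
int demo(size_t off, size_t len)
{
    uint8_t node[NODE_SIZE];
    struct { struct cat_entry e; uint8_t canary[8]; } frame;

    memset(node, 0x41, sizeof(node));
    memset(frame.canary, 0x5a, sizeof(frame.canary));
    int rc = read_entry_checked(node, sizeof(node), off, len, &frame.e);
    for (size_t i = 0; i < sizeof(frame.canary); i++)
        if (frame.canary[i] != 0x5a)
            return 1;              /* memory next to the entry was touched */
    return rc;
}

int main(void)
{
    printf("fits: %d, oversize: %d\n", demo(0, 70), demo(0, 4096));
    return 0;
}
```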