Date: Fri, 03 Jun 2011 14:47:39 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Josh Bressers <bressers@...hat.com>, Timo Warns <warns@...-sense.de>,
        coley <coley@...re.org>
Subject: Re: CVE request: kernel: fs/partitions: Kernel heap
 overflow via corrupted LDM partition tables

On 02/25/2011 04:22 AM, Josh Bressers wrote:
> 
> ----- Original Message -----
>> On Thu, 2011-02-24 at 09:25 +0800, Eugene Teo wrote:
>>> On 02/24/2011 03:59 AM, Josh Bressers wrote:
>>>> ----- Original Message -----
>>>>>
>>>>> The kernel automatically evaluates partition tables of storage
>>>>> devices.  The code for evaluating LDM partitions (in
>>>>> fs/partitions/ldm.c) contains a bug that allows to overflow the
>>>>> kernel heap. It may be possible to escalate privileges by exploiting
>>>>> this bug.
[...]
> I would still like something along the lines of a proposed patch. I believe
> you folks (as you're much brighter than me), but I still don't quite grasp
> the difference. I suspect there is enough public information for MITRE to
> publish a CVE though, so please use CVE-2011-1017.

It was reported that the fix for this is insufficient. I have assigned
CVE-2011-2182 to this. See https://lkml.org/lkml/2011/5/6/407.

Timo, can you please post the patch here once you have submitted it to
lkml for review. Thanks.

Eugene
