Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 07 May 2012 09:56:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Timo Warns <warns@...-sense.de>
Subject: Re: CVE request: Linux kernel: Buffer overflow in
 HFS plus filesystem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/07/2012 02:44 AM, Timo Warns wrote:
> The Linux kernel (at least 3.x <= 3.3.4 and 2.6.x <= 2.6.35.13)
> contains a vulnerability in the driver for HFS plus file systems
> that may be exploited for code execution or privilege escalation.
> 
> A specially-crafted HFS plus filesystem can cause a buffer overflow
> via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).
> The functions
> 
> hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and 
> hfsplus_readdir() (in fs/hfsplus/dir.c)
> 
> call hfs_bnode_read() with values that result in a memcpy() call
> with a fixed-length destination buffer and both, a source buffer
> and length, that are read from the filesystem without sufficient
> validation.
> 
> The buffer overflows were previously fixed in the HFS filesystem
> driver and have been assigned CVE-2009-4020 (commit 
> ec81aecb29668ad71f699f4e7b96ec46691895b6 [1]). Commit
> 6f24f892871acc47b40dd594c63606a17c714f77 ("hfsplus: fix a potential
> buffer overflow") [2] also fixes the issue in the HFS plus 
> filesystem driver.
> 
> [1]
> http://git.kernel.org/linus/ec81aecb29668ad71f699f4e7b96ec46691895b6
>
> 
[2] http://git.kernel.org/linus/6f24f892871acc47b40dd594c63606a17c714f77

Please use CVE-2012-2319 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPp/CYAAoJEBYNRVNeJnmT1YQQANJylNvJD3TWpJVeAFltrFpV
hxYSPq03/99qJS+aCOre56JoVZL0GvpTik3iCsfngjZJxawS7ntaEelTqN2BJofG
tupyQayC4pCMfhTf+y6BA+7nMbf8pDBDbxjLE3Khdwj7xx29uI0KpzErTUsaNAEA
NFsh8Od1UGnAYsvGRDoVAQgMu4J1X9Ld99jGzpsYv8G7BkMMRPQ27rNRP6nzEzLl
rz/FfSA40zo8uJjw5JJ+V+Jx6siGlUdrITx+lwV3M8LbkbckneKZLdiCtOSWlE//
kN/VPuT174dD8iBew6Zm1rsiGafqX5vZ4lUrg+sPvlpEi3gIEZAIx5uyFYgL0NFR
fVuckfOlfg4COpNj0zq8dswW1sA5vgbdSLPCrtRTrM8A2IaA26LNOGC1afd8E++3
8soJfNVuempwwuHalv0h5rPh2Cju4NpjhbUKStYPK+9TYKBjMItYsmgFpEcslX6u
HZB01YPeHjc3/E2crvF/ksT1/Q3p7Kc53Bkf5QI/y23KcDh7degsnowpe9FD99oQ
qQpZOleNiEFlkDnCb6KXRzsrObAQg1dU136qUQKc/CfSR7tmYz8jtIOYHNx7NIvN
KfD/zJnNebHReJoRgt+7zRxiQp9er5lgiUo7xU1Yg/3JyUZr/d66Zo5sSyllX2VN
rwWSOFDG8DhBlCFLcfVM
=XY4f
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ