Date: Tue, 03 Jul 2012 12:58:39 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>, jack@...e.cz
Subject: Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling
On 07/03/2012 07:22 AM, Marcus Meissner wrote:
> Hi,
>
> People (do not know who) reported to the kernel security team and
> Jan Kara some UDF filesystem crashes.
>
> Jan Kara did some fixes in the UDF fs and they were committed to
> mainline already, both actual bugfixes and some more sanity
> checking for hardening.
>
> Buffer overreads or overwrites would have been possible.
>
>
> I think a single CVE is sufficient.
Were they discovered by the same person or different people?
>
>
> The two mainline commits:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=adee11b2085bee90bd8f4f52123ffb07882d6256
>
>
> commit 1df2ae31c724e57be9d7ac00d78db8a5dabdd050
> Author: Jan Kara <jack@...e.cz>
> Date:   Wed Jun 27 21:23:07 2012 +0200
>
> udf: Fortify loading of sparing table
>
> Add sanity checks when loading sparing table from disk to avoid
> accessing unallocated memory or writing to it.
>
> Signed-off-by: Jan Kara <jack@...e.cz>
>
> commit adee11b2085bee90bd8f4f52123ffb07882d6256
> Author: Jan Kara <jack@...e.cz>
> Date:   Wed Jun 27 20:20:22 2012 +0200
>
> udf: Avoid run away loop when partition table length is corrupted
>
> Check provided length of partition table so that (possibly
> maliciously) corrupted partition table cannot cause accessing data
> beyond current buffer.
>
> Signed-off-by: Jan Kara <jack@...e.cz>
>
> Ciao, Marcus
>
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
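Both quoted commit messages describe the same defensive pattern: a count or length read from an on-disk descriptor must be checked against the size of the buffer that was actually read before it is allowed to drive a loop, otherwise a corrupted image walks the parser past the end of the buffer. The C program below is an added illustration of that pattern and is not Linux or UDF code; the block layout, `struct table_hdr`, `ENTRY_SIZE`, `BLOCK_SIZE` and the function names are hypothetical, and the sample blocks are constructed in `make_block`.

```c
/* Added example, not Linux/UDF code: a bounds-checked parser for a table whose
 * entry count comes from untrusted on-disk data. The layout, ENTRY_SIZE,
 * struct table_hdr and the function names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_SIZE 64   /* constructed: bytes actually read from "disk" */
#define ENTRY_SIZE 8    /* constructed: on-disk size of one table entry */

/* Hypothetical on-disk header: the entry count is attacker-controlled. */
struct table_hdr {
    uint32_t entry_count;
    uint32_t flags;
};

/* Before: the count is trusted, so a corrupted header walks the loop past the
 * end of `block`. Shown for contrast only; never called in this program. */
uint32_t parse_table_unchecked(const uint8_t *block)
{
    struct table_hdr hdr;
    uint32_t acc = 0;
    memcpy(&hdr, block, sizeof(hdr));
    for (uint32_t i = 0; i < hdr.entry_count; i++) {
        uint32_t v;
        memcpy(&v, block + sizeof(hdr) + (size_t)i * ENTRY_SIZE, sizeof(v));
        acc += v;
    }
    return acc;
}

/* After: the claimed count is validated against the bytes actually read.
 * Returns the number of entries parsed, or -1 if the header does not fit or
 * the table would extend beyond `block_len`. The sum of each entry's first
 * word is stored in *sum as a stand-in for real per-entry processing. */
int parse_table_checked(const uint8_t *block, size_t block_len, uint32_t *sum)
{
    struct table_hdr hdr;
    if (block_len < sizeof(hdr))
        return -1;
    memcpy(&hdr, block, sizeof(hdr));
    size_t avail = block_len - sizeof(hdr);
    /* Divide instead of multiplying so a huge count cannot wrap size_t. */
    if (hdr.entry_count > avail / ENTRY_SIZE)
        return -1;
    uint32_t acc = 0;
    for (uint32_t i = 0; i < hdr.entry_count; i++) {
        uint32_t v;
        memcpy(&v, block + sizeof(hdr) + (size_t)i * ENTRY_SIZE, sizeof(v));
        acc += v;
    }
    *sum = acc;
    return (int)hdr.entry_count;
}

/* Build a constructed block whose header claims `claimed` entries while only
 * `real` entries (each with first word 1) are written; `real` must fit. */
void make_block(uint8_t *block, uint32_t claimed, uint32_t real)
{
    struct table_hdr hdr = { claimed, 0 };
    memset(block, 0, BLOCK_SIZE);
    memcpy(block, &hdr, sizeof(hdr));
    for (uint32_t i = 0; i < real; i++) {
        uint32_t v = 1;
        memcpy(block + sizeof(hdr) + (size_t)i * ENTRY_SIZE, &v, sizeof(v));
    }
}

int main(void)
{
    uint8_t block[BLOCK_SIZE];
    uint32_t sum = 0;

    make_block(block, 7, 7);               /* honest header: 8 + 7 * 8 == 64 */
    printf("valid:   %d entries, sum %u\n",
           parse_table_checked(block, BLOCK_SIZE, &sum), sum);

    make_block(block, 0xFFFFFFFFu, 7);     /* corrupted count */
    printf("corrupt: %d (rejected)\n",
           parse_table_checked(block, BLOCK_SIZE, &sum));
    return 0;
}
```

The check compares the count against `avail / ENTRY_SIZE` rather than computing `count * ENTRY_SIZE`, so an absurdly large count is rejected instead of wrapping the multiplication and slipping past the comparison; the same reasoning applies whether the length field counts entries or bytes.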