Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Aug 2013 00:37:00 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Petr Matousek <pmatouse@...hat.com>
Subject: CVE Request: Linux kernel: cifs: off-by-one bug in
 build_unc_path_to_root

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Linux kernel built with the Common Internet File System (CONFIG_CIFS) support 
along with a feature to access Distributed File Systems 
(CONFIG_CIFS_DFS_UPCALL), is vulnerable to a memory corruption flaw caused by 
writing one byte past an allocated memory area. It occurs while mounting a DFS 
share wherein the server provides DFS referral names of certain length. The 
memory corruption leads to an unresponsive kernel and subsequent crash 
resulting in Denial of Service.

An user/program able to mount a file system could use this flaw to crash the 
kernel resulting in DoS.

Upstream fix:
- -------------
  -> https://git.kernel.org/linus/1fc29bacedeabb278080e31bb9c1ecb49f143c3b


Thank you.
- --
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSC9VUAAoJENBIeGA2VWAr93EP/1NadVJm8NJb8UV8b0iKX9/R
+hBsCcfz8ihuXl1XuCmuFg2wqwUmWXNDbn4wHZb/cu74k3sENSL6XMBd8bFFwEEq
0fXS+Z5oe4q0oZxP5Utabh98JKzcSNAWPzEIyikyBu3XM1iN20EXVb9Clnu1Xu50
m/69+6tyHpGa2Hz1K5ID3GTbhx8cqYIsNWaWo04goAjTaws65/iE8xZVX6J5agzs
j8vyJ4uK6O6a3yVGQeeglYAKq6h9Vc87IktLvDuvmx0TXhWYFjyexsxePI1kBXFU
ssPqlQceUA8Q5vr7MCPfZLAUunQ9nnA/9sNOziWUvLvFftOo89p+7Yg4D/B9VEpq
5wg2DqIV0cNnTK7dWi8NEVn2DG3YtNXUUbid5HrdRgqnYVOp63wOOkel3KLALzkJ
o4X7SvcwYQsoH6THbBMc5OW+BXH42zcXhLQ1Lg8B9sOpd/WAtUPuhaDiqbiWNDTl
/SX35ewxocORUuc4jCRQxmKMCkrNEaRO4QLoACl3FxaBHCeLSYiO2/V7ESVAwfPu
BDWJCr1evuZtJsDA6eauwigu1wKK7d4BWNmQhPdg/2j/gcPEJiaYSDdOopw9PjPB
iY6up4AYxaXYsYLKmUUG7MSgJAYeBf1P08RjvTGeOAysHAhX0EbI+WNgTpyIL+lv
RCzQuD7AvBeM25tEKsMo
=VarQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ