Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Aug 2014 10:33:08 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux Kernel unbound recursion in ISOFS

Hi,

>From the google security research team:
https://code.google.com/p/google-security-research/issues/detail?id=88

fixed in
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
Author: Jan Kara <jack@...e.cz>
Date:   Sun Aug 17 11:49:57 2014 +0200

    isofs: Fix unbounded recursion when processing relocated directories

    We did not check relocated directory in any way when processing Rock
    Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
    entry pointing to another CL entry leading to possibly unbounded
    recursion in kernel code and thus stack overflow or deadlocks (if there
    is a loop created from CL entries).

    Fix the problem by not allowing CL entry to point to a directory entry
    with CL entry (such use makes no good sense anyway) and by checking
    whether CL entry doesn't point to itself.

    CC: stable@...r.kernel.org
    Reported-by: Chris Evans <cevans@...gle.com>
    Signed-off-by: Jan Kara <jack@...e.cz>

This still needs a CVE.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.