Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Aug 2014 10:33:08 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux Kernel unbound recursion in ISOFS

Hi,

>From the google security research team:
https://code.google.com/p/google-security-research/issues/detail?id=88

fixed in
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
Author: Jan Kara <jack@...e.cz>
Date:   Sun Aug 17 11:49:57 2014 +0200

    isofs: Fix unbounded recursion when processing relocated directories

    We did not check relocated directory in any way when processing Rock
    Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
    entry pointing to another CL entry leading to possibly unbounded
    recursion in kernel code and thus stack overflow or deadlocks (if there
    is a loop created from CL entries).

    Fix the problem by not allowing CL entry to point to a directory entry
    with CL entry (such use makes no good sense anyway) and by checking
    whether CL entry doesn't point to itself.

    CC: stable@...r.kernel.org
    Reported-by: Chris Evans <cevans@...gle.com>
    Signed-off-by: Jan Kara <jack@...e.cz>

This still needs a CVE.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ