Date: Sat, 24 Oct 2015 10:31:16 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com,
  CVE ID Requests <cve-assign@...re.org>
Subject: Heap overflow and endless loop in exfatfsck / exfat-utils

https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html

exfat-utils is a collection of tools to work with the exFAT filesystem.
Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a
write heap overflow and an endless loop.

Especially at risk are systems that are configured to run filesystem
checks automatically on external devices like USB flash drives.

A malformed input can cause a write heap overflow in the function
verify_vbr_checksum. It might be possible to use this for code
execution.

Upstream bug report
https://github.com/relan/exfat/issues/5

Sample file triggering the bug
https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum

Git commit for fix
https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786

Another malformed input can cause an endless loop, leading to a
possible denial of service.

Upstream bug report
https://github.com/relan/exfat/issues/6

Sample file triggering the bug
https://crashes.fuzzing-project.org/exfatfsck-endless-loop

Git commit of fix
https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b

Both issues have been fixed in the latest release 1.2.1 of exfat-utils.
https://github.com/relan/exfat/releases/tag/v1.2.1

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
