Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Jul 2016 12:11:43 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-5011: util-linux: Extended partition loop in MBR partition
 table leads to DoS

Hi,

This is to disclose the following CVE:

CVE-2016-5011: util-linux: Extended partition loop in MBR partition table
leads to DoS

Description :
The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record (EBR).
If the next EBR starts at relative offset 0, parse_dos_extended() will loop
until running out of memory. An attacker could install a specially crafted
MSDOS partition table in a storage device and trick a user into using it.
This library is used, among others, by systemd-udevd daemon.

Upstream patch:
libblkid: ignore extended partition at zero offset
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c3

Impact: Low
CVSS3 scoring : AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

Reported by: Christian Moch & Michael Gruhn

Best Regards,

-- 
Cedric Buissart,
Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ