Date: Mon, 11 Jul 2016 13:32:18 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: Hanno Böck <hanno@...eck.de>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS

On Mon, Jul 11, 2016 at 12:51 PM, Hanno Böck <hanno@...eck.de> wrote:

> On Mon, 11 Jul 2016 12:11:43 +0200
> Cedric Buissart <cbuissar@...hat.com> wrote:
>
> > CVE-2016-5011: util-linux: Extended partition loop in MBR partition
> > table leads to DoS
>
> Have you discovered this bug or do you know how it was discovered?
>

It was reported to us by Michael Gruhn & Christian Moch

> Was it found with fuzzing or code inspection?
>

I do not know, there was no info on the discovery method in the report.

>
> I have done fuzzing on partitioning tools before, however I hadn't
> found anything, this bug indicates I haven't looked enough :-)
>

I looked at other projects to see what is being done to prevent this
particular loop from happening.
Until now, tools I checked are protected either by detecting the loop
(i.e.: actively searching for a relative offset of 0 for the next EBR, as
done by this util-linux patch; partprobe and fdisk are doing that), or
enforcing a limit on the maximum number of partitions for a device (Linux
kernel, kpartx & other tools I currently checked).

>
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42
>

--
Cedric Buissart,
Product Security
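
The two protections described in the message above, sketched as an added example that is not part of the original post and is not util-linux, kernel or kpartx code. It assumes an in-memory disk image with 512-byte sectors; `walk_ebr_chain`, `put_ebr`, `demo` and the `EBR_*` codes are hypothetical names, and the sample EBR contents are constructed.

```c
#include <stdint.h>
#include <string.h>
#define SECT   512
#define PT_OFF 446   /* partition table offset inside an MBR/EBR sector */
enum { EBR_BAD = -3, EBR_LIMIT = -2, EBR_LOOP = -1 };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the EBR chain starting at sector ext_start. Returns the number of
 * logical partitions found, or a negative EBR_* code. */
int walk_ebr_chain(const uint8_t *disk, uint32_t nsect, uint32_t ext_start,
                   int max_ebrs, int check_zero_link)
{
    uint32_t cur = ext_start;
    int found = 0, visited = 0;
    for (;;) {
        if (visited++ >= max_ebrs)          /* protection 2: hard cap */
            return EBR_LIMIT;
        const uint8_t *s = cur < nsect ? disk + (size_t)cur * SECT : NULL;
        if (!s || s[510] != 0x55 || s[511] != 0xaa)
            return EBR_BAD;                 /* out of range or no boot signature */
        const uint8_t *data = s + PT_OFF, *link = data + 16;
        if (data[4] != 0 && le32(data + 12) != 0)
            found++;                        /* entry 1: the logical partition */
        if ((link[4] != 0x05 && link[4] != 0x0f) || le32(link + 12) == 0)
            return found;                   /* entry 2 empty: end of chain */
        uint32_t rel = le32(link + 8);      /* offset relative to ext_start */
        if (check_zero_link && rel == 0)    /* protection 1: link back to first EBR */
            return EBR_LOOP;
        cur = ext_start + rel;
    }
}

/* Constructed sample EBR: one Linux data entry, optional link entry. */
static void put_ebr(uint8_t *disk, uint32_t at, int has_link, uint8_t link_rel)
{
    uint8_t *s = memset(disk + (size_t)at * SECT, 0, SECT);
    s[PT_OFF + 4] = 0x83; s[PT_OFF + 8] = 1; s[PT_OFF + 12] = 8;
    if (has_link) { s[PT_OFF + 20] = 0x05; s[PT_OFF + 24] = link_rel; s[PT_OFF + 28] = 9; }
    s[510] = 0x55; s[511] = 0xaa;
}

/* Two-EBR image at sectors 10 and 30; looped != 0 zeroes the first link. */
int demo(int looped, int check_zero_link)
{
    static uint8_t disk[64 * SECT];
    put_ebr(disk, 10, 1, looped ? 0 : 20);
    put_ebr(disk, 30, 0, 0);
    return walk_ebr_chain(disk, 64, 10, 16, check_zero_link);
}
```

With the zero-offset check disabled, the same looped image still terminates because the cap on visited EBRs returns `EBR_LIMIT`, which is the behaviour the message attributes to tools that enforce a partition limit.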