Date: Mon, 11 Jul 2016 17:19:23 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS On 07/11/2016 01:32 PM, Cedric Buissart wrote: > I looked at other projects to see what is being done to prevent this > particular loop from happening. Until now, tools I checked are protected > either by detecting the loop (i.e.: actively searching for a relative > offset of 0 for the next EBR, as done by this util-linux patch; partprobe > and fdisk are doing that), or enforcing a limit on the maximum number of > partitions for a device (Linux kernel, kpartx & other tools I currently > checked) How does util-linux protect against loops which are non-empty? Does it reject negative offsets? Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ