Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 31 Aug 2016 08:23:56 -0400 (EDT)
From: cve-assign@...re.org
To: ben@...adent.org.uk
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, debian@...ny.org
Subject: Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> a bug in Debian's kernel
> packages that allows a denial of service (crash) by local users with
> access to an aufs filesystem.  The bug is in a Debian-specific patch,
> not the upstream kernel or aufs code.

>> the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
>> fcntl support code (#627782) which unfortunately results in a kernel
>> Oops when the fcntl is called on a directory. This breaks e.g. copying
>> files from an AUFS filesystem on a remote machine using scp.

>>        fcntl (fd, F_SETFL, O_RDONLY);

>> Call the program on regular a file (nothing happens) and then on a
>> directory (Oops).

>> The Oops happens in fs/fcntl.c

>> The aufs_file_fop structure sets the value of the .setfl member to
>> aufs_setfl (f_op.c). aufs_dir_fop (dir.c) on the other hand does not.

>>   aufs 3.2.x+setfl-debian

>>   kernel NULL pointer dereference

Use CVE-2016-7118.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXxsvbAAoJEHb/MwWLVhi2LWoP/3ZaPz0Ig/FPWdBi+JyGP7/K
YlCUjfpCrWaIBQwczMqZX+7E+aTym5dQ3tvRYdoOiDZhhcGCxLa7YCNLHZdVDIkC
OJOrBOoDyL1OjhcNvFD6uahCAfqVAilvFgR7HNkbiwPnvFIkUd3LZXtvpfCla4l8
8/PABvTGSnZWesZdG573mduIZQ0wO/RGcp1ng+tbyZjXUUWqJe03v70C19s0aMVh
xXZLk3WuCUUnEfdWsRK2W5Shj4zCqIBhzbzWQcBcFLL65hxdoLGLLsCkx3EM0VkO
8f07NoP24dKfLy1uH4HhRcVKIc4E22knCGOnWIX4aiHvbLHtBAnoNHhG9rgRg221
DomDaYqjyOXgFUIK2DxB1qJbTPvKuyhWQZ+MrI0c72NJ8nSgexoEdk/6pKagpnq7
gSu1MN+r7Q/IBf722Xqi82y9BBV+NlWH967dlqnH3EoxiHK5M6Y7koCdx+9HYrvs
Ib1f60ztjAwglxljqjhGVG02wJhwOqvfH2wJb78HKPJ9A3F24Y5bDyxzmB1J2Pjm
fT5vYyOXGUIoY4U8062yaqPI6OJedhKgJvYfnFqJCxa88RpB8sPXZlMcsm+2ajSv
kA7X7fS7eNj/gPAXgUEkjJaK8r6sDB5MzhRZ1OvJevbRpHR7GYczfAfgFeqJNSEx
IleDjdlHzS7T25oRRIFQ
=4pvR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.