Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 31 Aug 2016 08:23:56 -0400 (EDT)
From: cve-assign@...re.org
To: ben@...adent.org.uk
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, debian@...ny.org
Subject: Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> a bug in Debian's kernel
> packages that allows a denial of service (crash) by local users with
> access to an aufs filesystem.  The bug is in a Debian-specific patch,
> not the upstream kernel or aufs code.

>> the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
>> fcntl support code (#627782) which unfortunately results in a kernel
>> Oops when the fcntl is called on a directory. This breaks e.g. copying
>> files from an AUFS filesystem on a remote machine using scp.

>>        fcntl (fd, F_SETFL, O_RDONLY);

>> Call the program on regular a file (nothing happens) and then on a
>> directory (Oops).

>> The Oops happens in fs/fcntl.c

>> The aufs_file_fop structure sets the value of the .setfl member to
>> aufs_setfl (f_op.c). aufs_dir_fop (dir.c) on the other hand does not.

>>   aufs 3.2.x+setfl-debian

>>   kernel NULL pointer dereference

Use CVE-2016-7118.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXxsvbAAoJEHb/MwWLVhi2LWoP/3ZaPz0Ig/FPWdBi+JyGP7/K
YlCUjfpCrWaIBQwczMqZX+7E+aTym5dQ3tvRYdoOiDZhhcGCxLa7YCNLHZdVDIkC
OJOrBOoDyL1OjhcNvFD6uahCAfqVAilvFgR7HNkbiwPnvFIkUd3LZXtvpfCla4l8
8/PABvTGSnZWesZdG573mduIZQ0wO/RGcp1ng+tbyZjXUUWqJe03v70C19s0aMVh
xXZLk3WuCUUnEfdWsRK2W5Shj4zCqIBhzbzWQcBcFLL65hxdoLGLLsCkx3EM0VkO
8f07NoP24dKfLy1uH4HhRcVKIc4E22knCGOnWIX4aiHvbLHtBAnoNHhG9rgRg221
DomDaYqjyOXgFUIK2DxB1qJbTPvKuyhWQZ+MrI0c72NJ8nSgexoEdk/6pKagpnq7
gSu1MN+r7Q/IBf722Xqi82y9BBV+NlWH967dlqnH3EoxiHK5M6Y7koCdx+9HYrvs
Ib1f60ztjAwglxljqjhGVG02wJhwOqvfH2wJb78HKPJ9A3F24Y5bDyxzmB1J2Pjm
fT5vYyOXGUIoY4U8062yaqPI6OJedhKgJvYfnFqJCxa88RpB8sPXZlMcsm+2ajSv
kA7X7fS7eNj/gPAXgUEkjJaK8r6sDB5MzhRZ1OvJevbRpHR7GYczfAfgFeqJNSEx
IleDjdlHzS7T25oRRIFQ
=4pvR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ