Date: Sun, 5 Apr 2009 00:11:31 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Cc: security@...nel.org, sfrench@...ibm.com Subject: CVE request? buffer overflow in CIFS in 2.6.* Hi, I guess we need a CVE for this fix: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7 Fixes a kmalloc area overflow in CIFS, number of overwritten bytes is depending on the codepage converted to. The data seems to come from a remote generated reply blob even, correct me if I am wrong. :/ Checking our enterprise distro kernels it seems to cover most of the 2.6 kernel range... 2.6.27 has the same code, 2.6.16 too, 2.6.5 too. And I wonder if "len*2" is sufficient, can't a UCS -> UTF8 conversion generate more than 2 byte utf-8 characters for 1 ucs character? (spotted by felix leitner, german blog entry: http://blog.fefe.de/?ts=b72905a8 ) Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.