Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110908161725.GP17727@dhcp-25-225.brq.redhat.com>
Date: Thu, 8 Sep 2011 18:17:26 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY
 message

FUSE_NOTIFY_INVAL_ENTRY didn't check the length of the write so the
message processing could overrun and result in a BUG_ON() in
fuse_copy_fill().

User able to mount FUSE filesystems can use this flaw to crash the
system.

References:
http://permalink.gmane.org/gmane.linux.kernel.commits.head/313266
http://sourceforge.net/mailarchive/forum.php?thread_name=87liut4i7w.fsf%40tucsk.pomaz.szeredi.hu&forum_name=fuse-devel

Upstream fix:
c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.