Date: Wed, 30 Dec 2015 15:37:23 -0500 (EST) From: cve-assign@...re.org To: limeburst@...ber.fsf.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: Squashfs 4.2 Race Condition -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > A malformed Squashfs filesystem can cause a race condition in unsquashfs. > > This is caused by the decompress thread attempting to access a shared > queue, resulting in a SIGSEGV. > > struct cache_entry *entry = queue_get(to_deflate); Do you have any information about a scenario in which this bug crosses a privilege boundary? Do you mean that, because of the details of the SIGSEGV, there's a reasonable likelihood of code execution when a victim runs unsquashfs on an untrusted SquashFS filesystem image? Other possibilities in which there could be a CVE ID assigned include: - if the affected unsquashfs code were also available as a library that was used to build a program that was supposed to remain running to handle multiple unsquash operations - if the affected unsquashfs code were also used to support a SquashFS filesystem that was mounted on a system, and an unprivileged user could crash the system by reading from the filesystem - (again for this use of the affected code) if a system exists that automatically mounts SquashFS filesystems found on removable media, and inserting removable media could crash the system - (again for this use of the affected code) maybe a scenario in which the SIGSEGV ultimately leads to disclosure of private data that wasn't contained in the SquashFS filesystem - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWhEAZAAoJEL54rhJi8gl51ikP/icQQJUyV/Zw43KeOs5BmVJg dWCI2KqVbhjDWW0esdrzL/LAzYMSvH+jXfNBZthzg2e5pFb3+YjkvKiejS5CZszT DTfWTFEfbjDKtIbrISqMAOM7SS9dCy3Zqu37VA1riqzpDRjD4PyoQTn5d95ck8Y9 1aPEEgkTv9Z+VbAv1ONvOK6vLeHXcyovkyXyBdJxPYoXXCQjn3CC6TAYW9HF9qrL AYgSLCogHI3e1PnjA+EHsBqRBYeh70nkH8yrYWj0WDxZFwmnMTb1p+KE5rOwJw/a Gpvq5cM4rtWdV//XFMdBsyg4q/hbJ1leY9W5invnAeeqe8wkVGuJCApS7neRB5pU TV9wvGudvn73hkE61yDSR6Hp2qUGcIYZ1FHK9+uSrYmO6zczJJy7F6lax90BmgWD bvJUvquYRCwV+OUWLMkN7vctY5BXTiM47wLIi6bJMUma65e3Q5TXHcBd6F3p8pCe 7OoNfuzqSDRU1FHz8oxuzLtVMIEzRT9sz9JMTo6ZtdLfzDZBet1qM9p9dXo8Nyej 2Kpm1jN2mlvlnHCQzN1XtweCM/eAbQaxM0/WZzhJ3ipIJQnMLCFSeZH7QS6BbuDC AAnHD8BIH70VYhmZrHLDaRrW08RYWtyaAdiJMeygsiFIxdNxpPUjmFOHHvElkzw1 LhwDS57lxKg9o5p1S+zH =riOK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.