Bugtraq mailing list archives

Re: major security bug in reiserfs (may affect SuSE Linux)

From: Gigi Sullivan <sullivan () SIKUREZZA ORG>
Date: Wed, 10 Jan 2001 21:28:59 +0100

Aiee :)

   Hello!

On Wed, Jan 10, 2001 at 12:42:01AM +0100, Marc Lehmann wrote:

Since a kernel oops results (see below), this indicates a buffer overrun
(the kernel jumps to address 78787878, which is "xxxx") inside the kernel,


   AFAIK this won't indicate _always_ a buffer overrun in kernel land.
   Just think about dereferenced NULL pointer for example.

[snip]

Unable to handle kernel paging request at virtual address 78787878
current->tss.cr3 = 0d074000, %cr3 = 0d074000
*pde = 00000000
Oops: 0002
CPU:    0
EIP:    0010:[<c013f875>]
EFLAGS: 00010282
eax: 00000000   ebx: bfffe78c   ecx: 00000000   edx: bfffe78c
esi: ccbddd62   edi: 78787878   ebp: 00000300   esp: ccbddd3c
ds: 0018   es: 0018   ss: 0018
Process bash (pid: 292, process nr: 54, stackpage=ccbdd000)
Stack: c013f66a ccbddf6c cd100000 ccbddd62 0000030c c0136d49 00000700 00002013
       00001000 7878030c 78787878 78787878 78787878 78787878 78787878 78787878
       78787878 78787878 78787878 78787878 78787878 78787878 78787878 78787878
Call Trace: [<c013f66a>] [<c0136d49>]
Code: 89 1f 8b 44 24 18 29 47 08 31 c0 5b 5e 5f 5d 81 c4 2c 01 00


   Unfortunatly Oops messages aren't usefull if no decoded using
   ksymoops for example.

   That said, Oops shouldn't be good, so issues may be present.

   Try it out and let us know, please :)

--
      -----==-                                             |
      ----==-- _                                           |
      ---==---(_)__  __ ____  __       Marc Lehmann      +--
      --==---/ / _ \/ // /\ \/ /       pcg () opengroup org |e|
      -=====/_/_//_/\_,_/ /_/\_\       XX11-RIPE         --+
    The choice of a GNU generation                       |


bye bye

                        -- gg sullivan

--
Lorenzo Cavallaro       `Gigi Sullivan' <sullivan () sikurezza org>

LibRNet Project Home Page: http://www.sikurezza.org/sullivan
LibRNet Mailing List: librnet-subscribe () egroups com

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)

Current thread:

major security bug in reiserfs (may affect SuSE Linux) Marc Lehmann (Jan 09)
- Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) John Morrison (Jan 09)
- Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Chris Mason (Jan 09)
- Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Vladimir V. Saveliev (Jan 09)
- Re: major security bug in reiserfs (may affect SuSE Linux) Andreas Ferber (Jan 10)
  - Re: major security bug in reiserfs (may affect SuSE Linux) Mark Glines (Jan 12)
  - Re: major security bug in reiserfs (may affect SuSE Linux) Jack Coates (Jan 12)
- Re: major security bug in reiserfs (may affect SuSE Linux) Gigi Sullivan (Jan 10)
- Re: major security bug in reiserfs (may affect SuSE Linux) Christian Zuckschwerdt (Jan 10)
  - Re: major security bug in reiserfs (may affect SuSE Linux) Ryan Russell (Jan 10)
    - Re: major security bug in reiserfs (may affect SuSE Linux) Christian Zuckschwerdt (Jan 10)
  - Re: major security bug in reiserfs (may affect SuSE Linux) Felix von Leitner (Jan 12)
- <Possible follow-ups>
- Re: major security bug in reiserfs (may affect SuSE Linux) Marc Lehmann (Jan 10)
- Re: major security bug in reiserfs (may affect SuSE Linux) Ben Greenbaum (Jan 10)
  - Re: major security bug in reiserfs (may affect SuSE Linux) Thomas Mangin (Jan 12)