Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux Kernel CIFS Vulnerability

From: Marcus Meissner <meissner () suse de>
Date: Fri, 10 Apr 2009 12:59:48 +0200
On Thu, Apr 09, 2009 at 03:07:40PM +0200, Andreas Bogk wrote:

Dear list,

as discovered by Felix von Leitner (http://blog.fefe.de/?ts=b72905a8), 
Linux kernel patch 2.6.29.1 contains:

--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3667,7 +3667,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
                            BCC(smb_buffer_response)) {
                                kfree(tcon->nativeFileSystem);
                                tcon->nativeFileSystem =
-                                   kzalloc(length + 2, GFP_KERNEL);
+                                   kzalloc(2*(length + 1), GFP_KERNEL);
                                if (tcon->nativeFileSystem)
                                        cifs_strfromUCS_le(
                                                tcon->nativeFileSystem,

fixing a remotely exploitable buffer overflow vulnerability in the CIFS protocol.


assuming a malicious server.


Neither the Linux kernel team, the CIFS maintainers nor any of the commercial Linux distributors bothered to send out 
an advisory.
I'm at loss for words other than "irresponsible, arrogant assholes".  Linux 2009 == Microsoft 2002.


The correct wording is "no advisory was released yet".

The issue is being worked on already, see the CIFS mailing list etc, thread
starts here:
http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html

Updates will be published when ready.

Ciao, Marcus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: