oss-sec mailing list archives
Re: CVE requests: kernel: hfsplus-related bugs
From: "Eugene Teo" <eugeneteo () kernel sg>
Date: Mon, 10 Nov 2008 23:34:53 +0800
Hi Steve,

On Mon, Nov 10, 2008 at 10:47 PM, Steven M. Christey <coley () linus mitre org> wrote:
> On Mon, 10 Nov 2008, Eugene Teo wrote:
>
>> 1) hfsplus: fix Buffer overflow with a corrupted image
>> Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
>> ...
>>
>> There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
>> will need a CVE name for this too.
>
> Use CVE-2008-5025
>
> Is the bug exactly equivalent? Could you be more specific about existing
> references? "d38b7aa" doesn't look like a typical commit ID so the CVE is
> currently marked as reserved.

Both patches validate the catalog name length. The following is the description of the hfs bug:

"Fix a stack corruption caused by a corrupted hfs filesystem. If the catalog name length is corrupted the memcpy overwrites the catalog btree structure. Since the field is limited to HFS_NAMELEN bytes in the structure and the file format, we throw an error if it is too long."

It is possible to use the 7-hexdigit instead of the usual 40-hexdigit SHA1 hash to refer to the commit ID.

Thanks, Eugene
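
The length check described in the hfs patch description above, as an added example that is not part of the original message and is not the kernel's code. The struct, the function name and the record layout are assumptions made for illustration, and the sample records are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFS_NAMELEN 31  /* maximum HFS catalog name length in bytes */

/* Hypothetical in-memory key: length byte plus fixed-size name buffer. */
struct cat_name {
    uint8_t len;
    uint8_t name[HFS_NAMELEN];
};

/*
 * Copy a length-prefixed name out of an untrusted on-disk record.
 * rec[0] is the name length, rec[1..] are the name bytes.
 * Returns 0 on success, -EIO if the length byte cannot be trusted.
 */
int copy_cat_name(struct cat_name *dst, const uint8_t *rec, size_t rec_size)
{
    if (rec_size < 1)
        return -EIO;
    uint8_t len = rec[0];
    /* Reject lengths the fixed-size field cannot hold. Without this,
     * the memcpy below writes past dst->name into adjacent memory. */
    if (len > HFS_NAMELEN)
        return -EIO;
    /* Also make sure the record really contains that many bytes. */
    if ((size_t)len + 1 > rec_size)
        return -EIO;
    memset(dst, 0, sizeof(*dst));
    dst->len = len;
    memcpy(dst->name, rec + 1, len);
    return 0;
}

int main(void)
{
    /* Constructed sample records, not taken from a real image. */
    const uint8_t good[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t bad[64] = { 200 };  /* corrupted length byte */
    struct cat_name key;

    printf("good: %d\n", copy_cat_name(&key, good, sizeof(good)));
    printf("bad:  %d\n", copy_cat_name(&key, bad, sizeof(bad)));
    return 0;
}
```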