oss-sec mailing list archives
CVE request? buffer overflow in CIFS in 2.6.*
From: Marcus Meissner <meissner () suse de>
Date: Sun, 5 Apr 2009 00:11:31 +0200
Hi,

I guess we need a CVE for this fix:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7

Fixes a kmalloc area overflow in CIFS, number of overwritten bytes is depending on the codepage converted to.

The data seems to come from a remote generated reply blob even, correct me if I am wrong. :/

Checking our enterprise distro kernels it seems to cover most of the 2.6 kernel range... 2.6.27 has the same code, 2.6.16 too, 2.6.5 too.

And I wonder if "len*2" is sufficient, can't a UCS -> UTF8 conversion generate more than 2 byte utf-8 characters for 1 ucs character?

(spotted by felix leitner, german blog entry: http://blog.fefe.de/?ts=b72905a8 )

Ciao, Marcus