oss-sec mailing list archives
Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.*
From: Marcus Meissner <meissner () suse de>
Date: Fri, 15 May 2009 17:09:41 +0200
On Thu, May 14, 2009 at 01:01:11PM -0400, Steven M. Christey wrote:
On Thu, 14 May 2009, Eugene Teo wrote:CVE-2009-NOT-YET-ASSIGNED: http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4 http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61 http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413 + some others in progressThese fixes need to be tagged to a CVE.Use CVE-2009-1633, to be filled in later. This CVE should be anchored *only* on the issue above. I'm almost afraid to ask what relationship there is between the above commits and the extensive list of other issues from Jeff Layton, which lists the above commit and a ton of others. Mark Cox or Josh Bressers, this might be a good time for you to step in CNA-wise?
The string conversion code in the CIFS module handling was rewritten to be able to handle destination buffer sizes. Its basically starting with this commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7fabf0c9479fef9fdb9528a5fbdb1cb744a744a4 and then conversions of the code to it. I am however not sure of how much needs to be backported, I guess only the stuff already with CVE entries. Ciao, Marcus
Current thread:
- Re: CVE request? buffer overflow in CIFS in 2.6.*, (continued)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 21)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey (Apr 24)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 25)
- Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier (Apr 29)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French (Apr 29)
- Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier (Apr 29)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 29)
- Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (May 13)
- Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Jeff Layton (May 14)
- Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey (May 14)
- Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner (May 15)
- Re: CVE request? buffer overflow in CIFS in 2.6.* Mark J Cox (Apr 27)