oss-sec mailing list archives

CVE-2009-4020 kernel: hfs buffer overflow


From: Eugene Teo <eugeneteo () kernel sg>
Date: Fri, 04 Dec 2009 12:49:46 +0800

"A specially-crafted Hierarchical File System (HFS) filesystem could cause a buffer overflow to occur in a process's kernel stack during a memcpy() call within the hfs_bnode_read() function (at fs/hfs/bnode.c:24). The attacker can provide the source buffer and length, and the destination buffer is a local variable of a fixed length. This local variable (passed as "&entry" from fs/hfs/dir.c:112 and allocated on line 60) is stored in the stack frame of hfs_bnode_read()'s caller, which is hfs_readdir(). Because the hfs_readdir() function executes upon any attempt to read a directory on the filesystem, it gets called whenever a user attempts to inspect any filesystem contents."

http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2
https://bugzilla.redhat.com/CVE-2009-4020

This has been assigned CVE-2009-4020.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
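
Added example, not part of the original post and not the kernel's own code: a userspace C model of the pattern the quoted description names (a length taken from the filesystem image driving a memcpy() into a fixed-size stack record), next to a length-checked form that refuses the copy. The names struct cat_entry, struct node, bnode_read_unchecked, bnode_read_checked and read_dir_entry, and the 102-byte record size, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the fixed-size record the caller keeps on its stack. */
struct cat_entry { uint8_t type; uint8_t data[101]; };
/* Simplified model of a B-tree node: raw bytes taken from the filesystem image. */
struct node { const uint8_t *bytes; size_t size; };

/* Pattern from the advisory, for contrast only: 'len' is never compared with dst's size. */
void bnode_read_unchecked(const struct node *n, void *dst, size_t off, int len)
{
    memcpy(dst, n->bytes + off, (size_t)len);
}

/* Hardened form: the caller states how large 'dst' is, and the copy is refused
 * unless the length fits both the destination and the source node. */
int bnode_read_checked(const struct node *n, void *dst, size_t dst_size,
                       size_t off, int len)
{
    if (len < 0 || (size_t)len > dst_size)
        return -EIO;                      /* would overrun the stack record */
    if (off > n->size || (size_t)len > n->size - off)
        return -EIO;                      /* would read past the node */
    memcpy(dst, n->bytes + off, (size_t)len);
    return 0;
}

/* Caller model: read one directory record into a fixed-size local. */
int read_dir_entry(const uint8_t *image, size_t image_size, size_t off,
                   int entrylength, struct cat_entry *out)
{
    struct node n = { image, image_size };
    struct cat_entry entry = { 0 };
    int err = bnode_read_checked(&n, &entry, sizeof(entry), off, entrylength);
    if (err)
        return err;
    *out = entry;
    return 0;
}

int main(void)
{
    uint8_t image[256] = { 2 };           /* constructed sample image */
    struct cat_entry e;
    printf("in-range: %d, oversized: %d\n", read_dir_entry(image, sizeof(image), 0, 70, &e),
           read_dir_entry(image, sizeof(image), 0, 200, &e));
    return 0;
}
```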

