oss-sec mailing list archives

Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink()


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 26 Oct 2011 08:20:31 -0600

On 10/26/2011 05:05 AM, Petr Matousek wrote:
> A flaw was found in the way the Linux kernel's XFS filesystem implementation
> handled links with a pathname larger than MAXPATHLEN. When the
> CONFIG_XFS_DEBUG configuration option was not enabled when compiling
> the Linux kernel, an attacker able to mount a malicious XFS image could use
> this flaw to crash the system or, potentially, elevate his privileges
> on that system.
>
> Proposed upstream patch:
> http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=749156
> http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
>
> Thanks,

Please use CVE-2011-4077 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team
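
The bug class described in the quoted report, as an added userspace example (not the kernel's code and not the proposed patch): a length read from an untrusted filesystem image is bounded only by an assertion that disappears in non-debug builds, shown beside a check that runs in every build. The struct, function names, MODEL_DEBUG, ERR_CORRUPT and the MAXPATHLEN value of 1024 are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAXPATHLEN 1024   /* limit named in the report; value assumed */
#define ERR_CORRUPT 117   /* constructed "filesystem corrupted" code */

/* Debug-only assertion: a no-op unless MODEL_DEBUG is defined, like a
 * check that exists only when CONFIG_XFS_DEBUG is enabled. */
#ifdef MODEL_DEBUG
#include <assert.h>
#define DBG_ASSERT(x) assert(x)
#else
#define DBG_ASSERT(x) ((void)0)
#endif

/* Constructed model of a symlink inode read from an untrusted image. */
struct disk_symlink {
    long long di_size;    /* length claimed by the image */
    const char *data;     /* target bytes present in the image */
    size_t data_len;      /* number of bytes actually present */
};

/* Before: in a non-debug build nothing bounds pathlen before the copy. */
int readlink_debug_only(const struct disk_symlink *ip, char *link)
{
    long long pathlen = ip->di_size;
    DBG_ASSERT(pathlen <= MAXPATHLEN);
    memcpy(link, ip->data, (size_t)pathlen);
    link[pathlen] = '\0';
    return (int)pathlen;
}

/* After: the length is validated in every build; link holds MAXPATHLEN+1. */
int readlink_checked(const struct disk_symlink *ip, char *link)
{
    long long pathlen = ip->di_size;
    if (pathlen < 0 || pathlen > MAXPATHLEN || (size_t)pathlen > ip->data_len)
        return -ERR_CORRUPT;          /* reject the image, copy nothing */
    memcpy(link, ip->data, (size_t)pathlen);
    link[pathlen] = '\0';
    return (int)pathlen;
}

int main(void)
{
    static char big[4096];            /* constructed oversized target */
    char link[MAXPATHLEN + 1];
    struct disk_symlink ok = { 7, "/etc/os", 7 };
    struct disk_symlink bad = { sizeof big, big, sizeof big };
    memset(big, 'A', sizeof big);
    printf("ok=%d bad=%d\n", readlink_checked(&ok, link), readlink_checked(&bad, link));
    return 0;
}
```
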

