oss-sec mailing list archives
Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 07 May 2012 09:56:08 -0600
On 05/07/2012 02:44 AM, Timo Warns wrote:
> The Linux kernel (at least 3.x <= 3.3.4 and 2.6.x <= 2.6.35.13) contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation.
>
> A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c). The functions hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and hfsplus_readdir() (in fs/hfsplus/dir.c) call hfs_bnode_read() with values that result in a memcpy() call with a fixed-length destination buffer and both, a source buffer and length, that are read from the filesystem without sufficient validation.
>
> The buffer overflows were previously fixed in the HFS filesystem driver and have been assigned CVE-2009-4020 (commit ec81aecb29668ad71f699f4e7b96ec46691895b6 [1]). Commit 6f24f892871acc47b40dd594c63606a17c714f77 ("hfsplus: fix a potential buffer overflow") [2] also fixes the issue in the HFS plus filesystem driver.
>
> [1] http://git.kernel.org/linus/ec81aecb29668ad71f699f4e7b96ec46691895b6
> [2] http://git.kernel.org/linus/6f24f892871acc47b40dd594c63606a17c714f77

Please use CVE-2012-2319 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
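The bug class described in the quoted report (a fixed-length destination filled by memcpy() with a length taken from on-disk data), as an added example that is not kernel code and not from either poster. It is a simplified userspace model: the `entry` struct, the function names, the 32-byte size and the 2-byte big-endian length prefix are all assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_BYTES 32  /* hypothetical fixed destination size */
struct entry { uint16_t len; uint8_t name[NAME_BYTES]; };  /* hypothetical */

/* Constructed on-disk records: 2-byte big-endian length, then payload. */
const uint8_t good_image[] = { 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t evil_image[] = { 0xff, 0xff, 'a', 'b', 'c' };  /* length lies */

/* Unsafe pattern from the report, for contrast only (never called here):
 * the length comes from the image and goes straight to memcpy(). */
void entry_read_unchecked(struct entry *dst, const uint8_t *img)
{
    dst->len = (uint16_t)(img[0] << 8 | img[1]);
    memcpy(dst->name, img + 2, dst->len);  /* no bound on dst->len */
}

/* Hardened form: check the untrusted length against the fixed destination
 * and against the bytes actually present before copying. */
int entry_read_checked(struct entry *dst, const uint8_t *img, size_t img_size)
{
    uint16_t len;

    if (img_size < 2)
        return -EIO;                 /* no room for the length field */
    len = (uint16_t)(img[0] << 8 | img[1]);
    if (len > sizeof(dst->name))
        return -EIO;                 /* would overflow the destination */
    if (len > img_size - 2)
        return -EIO;                 /* would read past the source */
    memcpy(dst->name, img + 2, len);
    dst->len = len;
    return 0;
}

int main(void)
{
    struct entry e;
    int ok = entry_read_checked(&e, good_image, sizeof(good_image)) == 0 &&
             entry_read_checked(&e, evil_image, sizeof(evil_image)) == -EIO;
    return ok ? 0 : 1;
}
```

The two checks are separate on purpose: the first protects the destination, the second protects the source when the image is shorter than its own length field claims.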
Current thread:
- CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Timo Warns (May 07)
- Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Kurt Seifried (May 07)