oss-sec mailing list archives

Re: CVE Request: Squashfs 4.2 Race Condition


From: cve-assign () mitre org
Date: Wed, 30 Dec 2015 15:37:23 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A malformed Squashfs filesystem can cause a race condition in unsquashfs.

This is caused by the decompress thread attempting to access a shared
queue, resulting in a SIGSEGV.

    struct cache_entry *entry = queue_get(to_deflate);

Do you have any information about a scenario in which this bug crosses
a privilege boundary?

Do you mean that, because of the details of the SIGSEGV, there's a
reasonable likelihood of code execution when a victim runs unsquashfs
on an untrusted SquashFS filesystem image?

Other possibilities in which there could be a CVE ID assigned include:

  - if the affected unsquashfs code were also available as a library
    that was used to build a program that was supposed to remain
    running to handle multiple unsquash operations

  - if the affected unsquashfs code were also used to support a
    SquashFS filesystem that was mounted on a system, and an
    unprivileged user could crash the system by reading from the
    filesystem

  - (again for this use of the affected code) if a system exists that
    automatically mounts SquashFS filesystems found on removable
    media, and inserting removable media could crash the system

  - (again for this use of the affected code) maybe a scenario in
    which the SIGSEGV ultimately leads to disclosure of private data
    that wasn't contained in the SquashFS filesystem

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

