Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 10 Nov 2008 13:27:42 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>, Greg KH <greg@...ah.com>
Subject: Re: CVE requests: kernel: hfsplus-related bugs

Eugene Teo wrote:
> These were committed in upstream kernel. Reported by Eric Sesterhenn.
> 
> 1) hfsplus: fix Buffer overflow with a corrupted image
> Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
> 
> When an hfsplus image gets corrupted it might happen that the catalog
> namelength field gets b0rked.  If we mount such an image the memcpy() in
> hfsplus_cat_build_key_uni() writes more than the 255 that fit in the
> name field.  Depending on the size of the overwritten data, we either
> only get memory corruption or also trigger an oops.

There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
will need a CVE name for this too.

Greg, I don't recall seeing this in -stable kernel. FYI.

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ