Date: Sun, 5 Apr 2009 00:11:31 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: security@...nel.org, sfrench@...ibm.com
Subject: CVE request? buffer overflow in CIFS in 2.6.*

Hi,

I guess we need a CVE for this fix:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7

Fixes a kmalloc area overflow in CIFS; the number of overwritten bytes
depends on the codepage converted to.

The data even seems to come from a remotely generated reply blob; correct
me if I am wrong. :/

Checking our enterprise distro kernels it seems to cover most of the
2.6 kernel range...
2.6.27 has the same code, 2.6.16 too, 2.6.5 too.

And I wonder if "len*2" is sufficient: can't a UCS -> UTF-8 conversion
generate UTF-8 characters of more than 2 bytes for 1 UCS character?

(spotted by Felix Leitner, German blog entry: http://blog.fefe.de/?ts=b72905a8 )

Ciao, Marcus
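As an added illustration of the "len*2" question raised above (example code written for this page, not the kernel's CIFS code and not taken from the referenced commit): a UCS-2 code unit at or above U+0800 encodes to 3 UTF-8 bytes, and a surrogate pair (two units) encodes to 4 bytes, so 3 bytes per input unit is the tight upper bound and 2 is not. The function names `utf8_worst_case`, `ucs2_to_utf8` and `len2_is_insufficient`, and the four-euro-sign sample string, are assumptions constructed for the example; the converter refuses to write past the caller's buffer size instead of overflowing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Worst-case UTF-8 output for n UCS-2 (16-bit) input units.
 * A BMP code point >= U+0800 needs 3 bytes; a surrogate pair
 * (two units) needs 4 bytes, i.e. 2 per unit. So 3 bytes per
 * unit is the tight bound, not 2. (Hypothetical helper name.) */
size_t utf8_worst_case(size_t ucs2_units)
{
    return ucs2_units * 3;
}

/* Convert UCS-2 to UTF-8 into out[0..cap). Surrogate pairs are
 * combined; unpaired surrogates become U+FFFD. Returns the number
 * of bytes written, or (size_t)-1 if out is too small. Nothing is
 * ever written past cap. (Hypothetical helper, not the kernel's.) */
size_t ucs2_to_utf8(const uint16_t *in, size_t n, char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t cp = in[i];
        if (cp >= 0xD800 && cp <= 0xDBFF) {
            if (i + 1 < n && in[i + 1] >= 0xDC00 && in[i + 1] <= 0xDFFF) {
                cp = 0x10000 + ((cp - 0xD800) << 10) + (in[i + 1] - 0xDC00);
                i++;
            } else {
                cp = 0xFFFD;
            }
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            cp = 0xFFFD;
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (o + need > cap)
            return (size_t)-1;   /* bounds check instead of overflow */
        switch (need) {
        case 1:
            out[o++] = (char)cp;
            break;
        case 2:
            out[o++] = (char)(0xC0 | (cp >> 6));
            out[o++] = (char)(0x80 | (cp & 0x3F));
            break;
        case 3:
            out[o++] = (char)(0xE0 | (cp >> 12));
            out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (cp & 0x3F));
            break;
        default:
            out[o++] = (char)(0xF0 | (cp >> 18));
            out[o++] = (char)(0x80 | ((cp >> 12) & 0x3F));
            out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (cp & 0x3F));
            break;
        }
    }
    return o;
}

/* Constructed sample: four EURO SIGNs (U+20AC), 3 UTF-8 bytes each.
 * A len*2 buffer (8 bytes) is too small; the 3*len bound (12) fits. */
static const uint16_t sample[] = { 0x20AC, 0x20AC, 0x20AC, 0x20AC };
static const size_t sample_len = sizeof sample / sizeof sample[0];

/* Returns 1 if a len*2 buffer is rejected and a 3*len buffer succeeds. */
int len2_is_insufficient(void)
{
    char buf[64];
    size_t r2 = ucs2_to_utf8(sample, sample_len, buf, sample_len * 2);
    size_t r3 = ucs2_to_utf8(sample, sample_len, buf,
                             utf8_worst_case(sample_len));
    return r2 == (size_t)-1 && r3 == 12;
}

int main(void)
{
    printf("len*2 bound insufficient for U+20AC input: %s\n",
           len2_is_insufficient() ? "yes" : "no");
    return 0;
}
```

The sample string is deliberately made of characters above U+07FF: any such input is enough to show that a destination sized at twice the input unit count cannot hold the result, which is why the converter's bounds check, rather than the allocation size, is what prevents the write from running off the end of the buffer.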
