Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090404221131.GA30528@suse.de>
Date: Sun, 5 Apr 2009 00:11:31 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: security@...nel.org, sfrench@...ibm.com
Subject: CVE request? buffer overflow in CIFS in 2.6.*

Hi,

I guess we need a CVE for this fix:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.29.y.git;a=commitdiff;h=15bd8021d870d2c4fbf8c16578d72d03cfddd3a7

Fixes a kmalloc area overflow in CIFS, number of overwritten bytes
is depending on the codepage converted to.

The data seems to come from a remote generated reply blob even, correct
me if I am wrong. :/

Checking our enterprise distro kernels it seems to cover most of the
2.6 kernel range...
2.6.27 has the same code, 2.6.16 too, 2.6.5 too.



And I wonder if "len*2" is sufficient, can't a UCS -> UTF8 conversion
generate more than 2 byte utf-8 characters for 1 ucs character?

(spotted by felix leitner, german blog entry: http://blog.fefe.de/?ts=b72905a8 )

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.