| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Apr 2009 12:59:48 +0200
From: Marcus Meissner <meissner@...e.de>
To: Andreas Bogk <andreas@...reas.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux Kernel CIFS Vulnerability
On Thu, Apr 09, 2009 at 03:07:40PM +0200, Andreas Bogk wrote:
> Dear list,
>
> as discovered by Felix von Leitner (http://blog.fefe.de/?ts=b72905a8),
> Linux kernel patch 2.6.29.1 contains:
>
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -3667,7 +3667,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
> BCC(smb_buffer_response)) {
> kfree(tcon->nativeFileSystem);
> tcon->nativeFileSystem =
> - kzalloc(length + 2, GFP_KERNEL);
> + kzalloc(2*(length + 1), GFP_KERNEL);
> if (tcon->nativeFileSystem)
> cifs_strfromUCS_le(
> tcon->nativeFileSystem,
>
> fixing a remotely exploitable buffer overflow vulnerability in the CIFS protocol.
assuming a malicious server.
> Neither the Linux kernel team, the CIFS maintainers nor any of the commercial Linux distributors bothered to send out an advisory.
> I'm at loss for words other than "irresponsible, arrogant assholes". Linux 2009 == Microsoft 2002.
The correct wording is "no advisory was released yet".
The issue is being worked on already, see the CIFS mailing list etc, thread
starts here:
http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html
Updates will be published when ready.
Ciao, Marcus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists