Linux-Bulgaria.ORG

lug-bg: Kernel Exploit for 2.4.x, 2.5.x, and 2.6.x kernel branches.


  • Subject: lug-bg: Kernel Exploit for 2.4.x, 2.5.x, and 2.6.x kernel branches.
  • From: yawa@xxxxxxxxxxx
  • Date: Fri, 16 Apr 2004 13:38:28 -0300 (EEST)
  • Importance: Normal

Linux Kernel ISO9660 Buffer Overflow Privilege Escalation Vulnerability




Date:
15 April 2004


Security Alert ID:
1007776



Overview:
Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License, the source code for Linux is freely available to everyone.


Description:
A vulnerability in the Linux kernel has been discovered, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system and may allow arbitrary code execution with root or kernel level privileges.

The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory.

Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks.

The relevant functions are as follows:

fs/isofs/rock.c: rock_ridge_symlink_readpage()
fs/isofs/rock.c: get_symlink_chunk()

There is no checking that the total length of the symlink being read is less than the memory space that has been allocated for storing it. By supplying many CE (continuation) records, each with another SL (symlink) chunk, it is possible for an attacker to build an arbitrary length data structure in kernel memory space.


Affected:
2.4.x, 2.5.x, and 2.6.x kernel branches.


Solution:
Update to Linux kernel versions 2.4.26 and 2.6.6-rc1.
http://kernel.org/


Nice bug .....



============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
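
An added example, not part of the original message or the kernel source: a simplified user-space model of the missing length check the advisory describes, where symlink chunks are appended to a fixed buffer. `struct sl_chunk`, `LINK_BUF_SIZE`, `unchecked_total` and `build_symlink` are hypothetical names, and the one-page buffer size and the chunk sizes are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINK_BUF_SIZE 4096 /* assumption: one page allocated for the link target */

/* Simplified stand-in for one SL (symlink) chunk; not the on-disk layout. */
struct sl_chunk { const char *data; size_t len; };

/* Bytes a copy loop with no length check would write: the sum of all chunk
 * lengths, regardless of the size of the destination buffer. */
size_t unchecked_total(const struct sl_chunk *c, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += c[i].len;
    return total;
}

/* Checked assembly: compare each chunk against the space still left (one byte
 * is reserved for the terminating NUL) and reject the whole link on overflow.
 * Returns the link length, or -1 if the link does not fit. */
long build_symlink(char *buf, size_t bufsize, const struct sl_chunk *c, size_t n)
{
    char *p = buf, *end;
    if (bufsize == 0) return -1;
    end = buf + bufsize - 1;
    for (size_t i = 0; i < n; i++) {
        if (c[i].len > (size_t)(end - p))
            return -1;              /* the check the advisory says was absent */
        memcpy(p, c[i].data, c[i].len);
        p += c[i].len;
    }
    *p = '\0';
    return (long)(p - buf);
}

int main(void)
{
    static char fill[255];          /* constructed sample chunk contents */
    struct sl_chunk many[20];
    char buf[LINK_BUF_SIZE];
    memset(fill, 'a', sizeof fill);
    for (size_t i = 0; i < 20; i++)
        many[i] = (struct sl_chunk){ fill, sizeof fill };
    printf("unchecked copy would write %zu bytes\n", unchecked_total(many, 20));
    printf("checked result: %ld\n", build_symlink(buf, sizeof buf, many, 20));
    return 0;
}
```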



 


Mailing list messages are © Copyright their authors.