Vigil@nce - Debian: NULL pointer dereference via AUFS fcntl
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can force a NULL pointer to be dereferenced on an
AUFS filesystem via fcntl() on Debian, in order to trigger a
denial of service.
– Impacted products: Debian.
– Severity: 1/4.
– Creation date: 31/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Debian kernel carries a specific patch for the AUFS file
system.
However, when fcntl() is called with the F_SETFL command, which
changes the file status flags of a descriptor, on a directory of
an AUFS filesystem, the kernel dereferences a NULL pointer.
A local attacker can therefore force a NULL pointer to be
dereferenced on an AUFS filesystem via fcntl() on Debian, in order
to trigger a denial of service.
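Because the flaw is only reachable through directories on an AUFS mount, a first triage step is to inventory where AUFS is in use. The script below is an added example, not part of the Vigil@nce bulletin; its function names and file arguments are this example's own, and it reads the standard /proc/mounts and /proc/filesystems formats.

```shell
#!/bin/sh
# Added example (not from the bulletin): inventory AUFS exposure on a host.
# Function names and the optional file arguments are this example's own.

# /proc/mounts escapes space, tab, newline and backslash in paths as
# \040 \011 \012 \134; turn them back into the real characters.
decode_mount_field() {
    printf '%b' "$(printf '%s' "$1" | sed 's/\\\([0-7]\{3\}\)/\\0\1/g')"
}

# Print the decoded mount point of every aufs entry in a mount table.
aufs_mount_points() {
    while read -r _dev mnt fstype _rest; do
        [ "$fstype" = "aufs" ] || continue
        decode_mount_field "$mnt"; echo
    done < "${1:-/proc/mounts}"
}

# Succeed if the running kernel has the aufs filesystem type registered
# (module loaded or built in), even when nothing is mounted yet.
aufs_registered() {
    grep -q '[[:space:]]aufs$' "${1:-/proc/filesystems}"
}

# Summarise exposure.
# Return 0 = aufs mounted, 1 = registered but not mounted, 2 = absent.
aufs_exposure() {
    mounts=$(aufs_mount_points "${1:-/proc/mounts}")
    if [ -n "$mounts" ]; then
        printf 'aufs mounted at:\n%s\n' "$mounts"
        return 0
    elif aufs_registered "${2:-/proc/filesystems}"; then
        echo 'aufs registered, no mounts'
        return 1
    fi
    echo 'aufs not present'
    return 2
}
```

Source the file and call aufs_exposure with no arguments to check the live system; a return of 0 or 1 means the host should be prioritised for the Debian kernel update.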
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Debian-NULL-pointer-dereference-via-AUFS-fcntl-20492