Vigil@nce: Linux kernel, buffer overflow via hfs_mac2asc
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker, who is allowed to mount an HFS filesystem, can
generate an overflow, in order to create a denial of service or to
execute privileged code.
– Severity: 2/4
– Creation date: 21/11/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports HFS (Hierarchical File System)
filesystems, which are mainly used on Mac OS.
The hfs_mac2asc() function of the fs/hfs/trans.c file converts Mac
filenames to ASCII. However, if the filename length is greater
than HFS_MAX_NAMELEN (31 characters), a buffer overflow occurs.
A local attacker, who is allowed to mount an HFS filesystem, can
therefore generate an overflow, in order to create a denial of
service or to execute privileged code.
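The bounds check that this description calls for, as an added example (not kernel code and not part of the bulletin). It is a simplified user-space model: the struct layout, the function name mac_name_to_ascii and the '?' substitution for non-ASCII bytes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFS_MAX_NAMELEN 31  /* limit quoted in the bulletin */

/* Assumed, simplified model of a length-prefixed Mac filename as stored on
 * disk. The len byte comes from the mounted image, so it is untrusted. */
struct mac_name {
    uint8_t len;
    uint8_t name[HFS_MAX_NAMELEN];
};

/* Hypothetical helper: convert to a NUL-terminated ASCII string.
 * Returns the number of characters written, excluding the terminator. */
size_t mac_name_to_ascii(const struct mac_name *in, char *out, size_t outsize)
{
    size_t n = in->len;

    if (outsize == 0)
        return 0;
    if (n > HFS_MAX_NAMELEN)    /* clamp to the size of the source field */
        n = HFS_MAX_NAMELEN;
    if (n > outsize - 1)        /* clamp to the destination, keep room for NUL */
        n = outsize - 1;

    for (size_t i = 0; i < n; i++) {
        uint8_t c = in->name[i];
        if (c == '/')
            out[i] = ':';       /* '/' is the path separator on Linux */
        else
            out[i] = (c < 0x80) ? (char)c : '?';  /* assumption: mask non-ASCII */
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: length byte claims 200, field holds only 31. */
    struct mac_name bad = { .len = 200 };
    char out[HFS_MAX_NAMELEN + 1];

    memset(bad.name, 'A', sizeof bad.name);
    printf("%zu\n", mac_name_to_ascii(&bad, out, sizeof out));
    return 0;
}
```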
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-via-hfs-mac2asc-11169