Vigil@nce - Linux kernel: buffer overflow via VFAT
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a special filename in a VFAT
partition, in order to trigger an overflow, leading to a denial of
service or to code execution.
– Impacted products: Linux, RHEL
– Severity: 2/4
– Creation date: 27/02/2013
DESCRIPTION OF THE VULNERABILITY
The VFAT filesystem is for example used by USB keys formatted on
Windows.
The utf8s_to_utf16s() function converts VFAT filenames from UTF-8
to UTF-16. However, the size of the output array is not checked,
which leads to a buffer overflow.
A local attacker can therefore create a special filename in a VFAT
partition, in order to trigger an overflow, leading to a denial of
service or to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-via-VFAT-12469