Vigil@nce - Linux kernel: buffer overflow via HFS Plus
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can mount a malicious HFS Plus filesystem to trigger a buffer overflow and possibly execute code.
Creation date: 07/05/2012
DESCRIPTION OF THE VULNERABILITY
The HFS filesystem is mainly used on Mac OS.
The hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and hfsplus_readdir() (in fs/hfsplus/dir.c) functions call hfs_bnode_read(), which reads information from the filesystem. However, if the filesystem indicates a large size, neither function checks the value indicated by hfs_bnode_read().
A local attacker can therefore mount a malicious HFS Plus filesystem to trigger a buffer overflow and possibly execute code.
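The missing check described above, shown as an added user-space example (not code from the bulletin or from the Linux kernel): a record length taken from disk is validated against the fixed-size destination before the copy. The names node_read, disk_len, read_entry_checked and make_node, the 512-byte node, the 64-byte entry and the 16-bit length field are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space stand-ins for illustration, not kernel code. */
#define NODE_SIZE 512
struct node  { uint8_t data[NODE_SIZE]; };  /* raw bytes as read from disk */
struct entry { uint8_t raw[64]; };          /* fixed-size in-memory record */

/* Raw node read: copies len bytes and trusts its caller completely. */
static void node_read(const struct node *n, void *buf, size_t off, size_t len)
{
    memcpy(buf, n->data + off, len);
}

/* Constructed layout: 16-bit big-endian length stored before the record. */
static size_t disk_len(const struct node *n, size_t off)
{
    return ((size_t)n->data[off] << 8) | n->data[off + 1];
}

/* Without the tests on len, node_read() would copy whatever the record claims. */
int read_entry_checked(const struct node *n, size_t off, struct entry *e)
{
    size_t len;
    if (off > NODE_SIZE - 2)
        return -1;                      /* length field itself out of range */
    len = disk_len(n, off);
    if (len > sizeof(*e) || len > NODE_SIZE - 2 - off)
        return -1;                      /* would overflow entry or overrun node */
    node_read(n, e, off + 2, len);
    return 0;
}

/* Constructed sample: a node whose record claims the given length. */
struct node make_node(uint16_t claimed)
{
    struct node n;
    memset(&n, 0x41, sizeof(n));
    n.data[0] = (uint8_t)(claimed >> 8);
    n.data[1] = (uint8_t)(claimed & 0xff);
    return n;
}

int main(void)
{
    struct entry e;
    struct node bad = make_node(400);   /* claims 400 bytes for a 64-byte entry */
    return read_entry_checked(&bad, 0, &e) == -1 ? 0 : 1;
}
```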