Vigil@nce - Linux kernel: buffer overflow via HFS Plus
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can mount a malicious HFS Plus filesystem, in
order to generate a buffer overflow and possibly to execute code.
Severity: 2/4
Creation date: 07/05/2012
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The HFS filesystem is mainly used on Mac OS.
The hfsplus_rename_cat() function (in fs/hfsplus/catalog.c) and the
hfsplus_readdir() function (in fs/hfsplus/dir.c) call the
hfs_bnode_read() function, which reads information from the
filesystem. However, if the filesystem indicates a large size,
neither hfsplus_rename_cat() nor hfsplus_readdir() checks
the value indicated by hfs_bnode_read().
A local attacker can therefore mount a malicious HFS Plus
filesystem, in order to generate a buffer overflow and possibly to
execute code.
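The missing size check described above, shown as an added user-space C
example. It is not kernel code and not part of the bulletin. The struct,
the function names and the 64-byte record size are assumptions made for
illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size in-memory record filled from disk (64 bytes). */
struct cat_entry_model { uint16_t type; uint8_t body[62]; };

/* Stand-in for a raw node read: copies len bytes without any check. */
static void model_bnode_read(void *dst, const uint8_t *node, size_t off, size_t len)
{
    memcpy(dst, node + off, len);
}

/* Unchecked pattern from the bulletin: the length stored in the filesystem
 * is trusted, so *entry overflows when entrylength > sizeof(*entry). */
static int read_entry_unchecked(struct cat_entry_model *entry,
                                const uint8_t *node, size_t off, size_t entrylength)
{
    model_bnode_read(entry, node, off, entrylength);
    return 0;
}

/* Hardened pattern: validate the on-disk length against the destination
 * and the source node before copying anything. */
static int read_entry_checked(struct cat_entry_model *entry, const uint8_t *node,
                              size_t node_size, size_t off, size_t entrylength)
{
    if (entrylength > sizeof(*entry))
        return -EIO;                  /* would overflow the destination */
    if (off > node_size || entrylength > node_size - off)
        return -EIO;                  /* would read past the node */
    memset(entry, 0, sizeof(*entry)); /* no stale bytes after short records */
    model_bnode_read(entry, node, off, entrylength);
    return 0;
}

int main(void)
{
    uint8_t node[256];                /* constructed sample node */
    struct cat_entry_model e;
    memset(node, 0xAB, sizeof(node));
    printf("valid: %d\n", read_entry_unchecked(&e, node, 0, sizeof(e)));
    printf("len 64: %d\n", read_entry_checked(&e, node, sizeof(node), 0, 64));
    printf("len 300: %d\n", read_entry_checked(&e, node, sizeof(node), 0, 300));
    return 0;
}
```

The checked variant rejects the record instead of truncating it, so a
corrupted or hostile image surfaces as an I/O error rather than as a
partially parsed entry.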
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-via-HFS-Plus-11588