Vigil@nce - Linux kernel: memory corruption via a MacOS partition
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can mount a device with a malicious MacOS partition,
in order to corrupt the kernel memory, which leads to a denial of
service or to code execution.
Severity: 2/4
Creation date: 22/02/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The fs/partitions/mac.c file implements support for MacOS
partitions. These partitions are read automatically when an
attacker connects/mounts a device formatted with MacOS.
The mac_partition() function reads the sectors indicated in the
partition table. However, if the number of blocks given there is
negative or too high, the function reads from an invalid memory
area or corrupts memory.
An attacker can therefore mount a device with a malicious MacOS
partition, in order to create a denial of service or to execute
code.
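The kind of bounds check the description implies, as an added user-space example (not the kernel's code and not part of the bulletin). The entry layout, the 512-byte sector size, the MAX_PARTS cap and the names walk_map and demo are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SECTOR    512u      /* assumed sector size */
#define MAP_MAGIC 0x504Du   /* "PM" signature of a map entry */
#define MAX_PARTS 256u      /* assumed cap on map entries */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the partition map that starts at sector 1 of an in-memory image.
 * Assumed entry layout: bytes 0-1 signature, bytes 4-7 number of map blocks.
 * Returns the number of entries walked, or -1 if the map is rejected. */
int walk_map(const uint8_t *img, size_t len)
{
    if (len < 2 * SECTOR)
        return -1;                  /* no room for the first entry */
    const uint8_t *e = img + SECTOR;
    if ((((uint32_t)e[0] << 8) | e[1]) != MAP_MAGIC)
        return -1;
    /* The on-disk count is untrusted. It is compared as unsigned, so a value
     * that would be negative as a signed int fails the same upper-bound
     * test. Every sector the count refers to must also exist in the image. */
    uint32_t count = be32(e + 4);
    if (count > MAX_PARTS || (size_t)count + 1 > len / SECTOR)
        return -1;

    int walked = 0;
    for (uint32_t blk = 1; blk <= count; blk++) {
        e = img + (size_t)blk * SECTOR;
        if ((((uint32_t)e[0] << 8) | e[1]) != MAP_MAGIC)
            break;                  /* stop at the first non-map sector */
        walked++;
    }
    return walked;
}

/* Constructed 4-sector image; writes `count` into the first map entry. */
int demo(uint32_t count)
{
    static uint8_t img[4 * SECTOR];
    for (unsigned s = 1; s < 4; s++) { img[s * SECTOR] = 0x50; img[s * SECTOR + 1] = 0x4D; }
    for (int i = 0; i < 4; i++) img[SECTOR + 4 + i] = (uint8_t)(count >> (24 - 8 * i));
    return walk_map(img, sizeof img);
}
int main(void) { return demo(3) == 3 ? 0 : 1; }
```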
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-corruption-via-a-MacOS-partition-10385