On Thu, Apr 09, 2009 at 03:07:40PM +0200, Andreas Bogk wrote:
> Dear list,
>
> as discovered by Felix von Leitner (http://blog.fefe.de/?ts=b72905a8),
> Linux kernel patch 2.6.29.1 contains:
>
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -3667,7 +3667,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
>              BCC(smb_buffer_response)) {
>          kfree(tcon->nativeFileSystem);
>          tcon->nativeFileSystem =
> -            kzalloc(length + 2, GFP_KERNEL);
> +            kzalloc(2*(length + 1), GFP_KERNEL);
>          if (tcon->nativeFileSystem)
>              cifs_strfromUCS_le(
>                  tcon->nativeFileSystem,
>
> fixing a remotely exploitable buffer overflow vulnerability in the CIFS
> protocol.
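Review bot: the kzalloc size change is the whole fix, yet nothing in the hunk records why 2*(length + 1) is the right bound, and the old `length + 2` read plausibly enough to survive review; a one-line comment at the allocation stating what unit `length` counts (code units of the UCS-2 string being converted, not output bytes) and the per-character expansion that cifs_strfromUCS_le performs would keep the next edit from shrinking it again. The quoted hunk also stops before the remaining arguments to cifs_strfromUCS_le and does not show how `length` is derived from the response, so the bound handed to the converter should be confirmed to match this allocation rather than the old one.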
> assuming a malicious server.
>
> Neither the Linux kernel team, the CIFS maintainers nor any of the commercial
> Linux distributors bothered to send out an advisory.
>
> I'm at a loss for words other than "irresponsible, arrogant assholes". Linux
> 2009 == Microsoft 2002.

The correct wording is "no advisory was released yet".

The issue is being worked on already; see the CIFS mailing list etc. The thread starts here:
http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html

Updates will be published when ready.

Ciao, Marcus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
