Bug 582530 - <sys-fs/dosfstools-4.0-r1: multiple vulnerabilities (CVE-{2015-8872,2016-4804})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-09 09:45 UTC by Agostino Sarubbo
Modified: 2017-01-09 21:49 UTC

Description Agostino Sarubbo gentoo-dev 2016-05-09 09:45:36 UTC
From ${URL} :

https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html

I lately fuzzed various filesystem check tools. This uncovered a number
of issues in dosfstools / fsck.fat that have now been fixed in the new
version 4.0. All issues were found with american fuzzy lop and address
sanitizer.

https://github.com/dosfstools/dosfstools/issues/11
Global out of bounds read file_stat() / check_dir()
https://github.com/dosfstools/dosfstools/commit/2aad1c83c7d010de36afbe79c9fde22c50aa2f74
Git commit / fix

https://github.com/dosfstools/dosfstools/issues/12
Unclear invalid memory access in get_fat()
https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
Git commit / fix

https://github.com/dosfstools/dosfstools/issues/25
Heap overflow in read_fat()
https://github.com/dosfstools/dosfstools/issues/26
Heap out of bounds read in get_fat()
https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
Git commit / fix for both issues

These bugs can pose a security risk if a system automatically checks
attached storage media with fsck or in situations where filesystems on
untrusted devices get checked. The new version dosfstools 4.0 fixes all
four bugs.



@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-05-16 16:37:48 UTC
these are all in the 4.0 release which is already in the tree.  should be fine for stable.
Comment 2 Felix Janda 2016-10-10 22:38:29 UTC
Since SpanKY is ok with it, can this be stabilized? Bug 574654 would
be fixed at the same time.
Comment 3 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-10-11 10:26:22 UTC
Arches please test and mark stable =sys-fs/dosfstools-r1 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~arm-linux ~x86-linux
Comment 4 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-10-11 10:28:47 UTC
Whoops, typo...

Arches please test and mark stable =sys-fs/dosfstools-4.0-r1 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~arm-linux ~x86-linux
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2016-10-11 14:18:28 UTC
Stable on alpha
Comment 6 Agostino Sarubbo gentoo-dev 2016-10-11 15:51:28 UTC
amd64 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-12 11:47:24 UTC
Stable for HPPA PPC64.
Comment 8 Markus Meier gentoo-dev 2016-10-18 19:46:03 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-11-20 13:46:20 UTC
x86 stable
Comment 10 SpanKY gentoo-dev 2016-11-22 20:36:50 UTC
done the rest now
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2017-01-01 13:41:45 UTC
Downgraded to B3 as both CVEs identify a DoS.

GLSA Vote: No

@maintainer(s), please clean the vulnerable version from the tree.
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-08 23:11:00 UTC
Cleanup PR: https://github.com/gentoo/gentoo/pull/3393
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-09 21:49:23 UTC
Cleaned up via a1df44e19222491817ca271bd98a6ccdcd291b06.