| Summary: | zlib_inflate abuse by filesystems that depend on zlib compression | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Dax <gentoomail> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://kernelfun.blogspot.com/2006/11/mokb-07-11-2006-linux-26x-zlibinflate.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Well its going to be an interesting month, MOKB-07-11-2006: Linux 2.6.x zlib_inflate memory corruption Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption. This particular vulnerability requires a filesystem (proof of concept for cramfs provided) to fail validation (ex. no integrity checking) of the binary stream in order to reach execution of zlib_inflate() more information and debug stuff http://projects.info-pull.com/mokb/MOKB-07-11-2006.html rgds Daxomatic