Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 247574

Summary: Kernel: <2.6.28-rc1 buffer overflow hfs_cat_find_brec() in fs/hfs/catalog.c (CVE-2008-5025)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=d38b7aa7fc3371b52d036748028db50b585ade2e
Whiteboard:
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-19 12:28:39 UTC 
CVE-2008-5025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5025):
  Stack-based buffer overflow in the hfs_cat_find_brec function in
  fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
  attackers to cause a denial of service (memory corruption or system
  crash) via an hfs filesystem image with an invalid catalog namelength
  field, a related issue to CVE-2008-4933.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-19 12:32:05 UTC 

*** This bug has been marked as a duplicate of bug 246710 ***