| Summary: | Kernel: hfs filesystem buffer overflow (CVE-2009-4020) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bjoern Tropf (RETIRED) <asym> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kernel |
| Priority: | High | Keywords: | InVCS |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch | ||
| Whiteboard: | [linux <2.6.33] [gp <2.6.31-8] [gp >=2.6.32-1 <2.6.32-2] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Bjoern Tropf (RETIRED)
2009-12-04 13:05:34 UTC
@Kernel -> Please fix this vulnerability in the next release. (2.6.32 is affected) Let's assume this will be fixed in 2.6.33 at least. CVE-2009-4020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4020): Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. |
