Summary: | Kernel: hfs filesystem buffer overflow (CVE-2009-4020) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bjoern Tropf (RETIRED) <asym> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernel |
Priority: | High | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch | ||
Whiteboard: | [linux <2.6.33] [gp <2.6.31-8] [gp >=2.6.32-1 <2.6.32-2] | ||
Package list: | | Runtime testing required: | --- |
Description
Bjoern Tropf (RETIRED)
2009-12-04 13:05:34 UTC
@Kernel -> Please fix this vulnerability in the next release. (2.6.32 is affected) Let's assume this will be fixed in 2.6.33 at least.

CVE-2009-4020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4020):
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.