Summary: | sys-boot/syslinux: LZO Denial of Service and Arbitrary Code Execution through embedded code | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, chithanh, k_f |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 515246 |
Description
Yury German
2014-06-26 22:57:09 UTC
http://seclists.org/oss-sec/2014/q2/676 syslinux does contain the affected code, but I am not sure about the impact. If I understand correctly, the attacker needs to point the boot loader to a specially crafted LZO compressed archive. From http://seclists.org/oss-sec/2014/q2/695: For the record, I just upgraded Syslinux to LZO 2.07. The only code that ends up in the Syslinux build at all changed only in comments and in #if'd out code. The only use of LZO is in the Syslinux core, which uses the assembly LZO implementation, which seems to have been unaffected. Syslinux does not use LZO on arbitrary data. -hpa |