Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 154432 - zlib_inflate abuse by filesystems that depend on zlib compression
Summary: zlib_inflate abuse by filesystems that depend on zlib compression
Status: RESOLVED DUPLICATE of bug 158783
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://kernelfun.blogspot.com/2006/11...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-08 00:58 UTC by Dax
Modified: 2007-01-01 20:14 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dax 2006-11-08 00:58:09 UTC
Well its going to be an interesting month, 

MOKB-07-11-2006: Linux 2.6.x zlib_inflate memory corruption

    Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption. This particular vulnerability requires a filesystem (proof of concept for cramfs provided) to fail validation (ex. no integrity checking) of the binary stream in order to reach execution of zlib_inflate()

more information and debug stuff 
http://projects.info-pull.com/mokb/MOKB-07-11-2006.html

rgds
Daxomatic
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:14:25 UTC

*** This bug has been marked as a duplicate of 158783 ***