Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 279898 (CVE-2009-2407) - eCryptfs: <2.6.30.4 parse_tag_3_packet check tag 3 packet encrypted key size (CVE-2009-2407)
Summary: eCryptfs: <2.6.30.4 parse_tag_3_packet check tag 3 packet encrypted key size ...
Status: RESOLVED FIXED
Alias: CVE-2009-2407
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.27.29] [linux >=2.6.28 <2...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-01 11:57 UTC by Kerin Millar
Modified: 2013-09-15 18:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kerin Millar 2009-08-01 11:57:31 UTC
Spotted in the 2.6.30.4 ChangeLog:

commit 59a1c9b5b74e95eea73a6f85c574bd63031a0bcf
Author: Ramon de Carvalho Valle <ramon@risesecurity.org>
Date:   Tue Jul 28 13:58:22 2009 -0500

eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size (CVE-2009-2407)

commit f151cd2c54ddc7714e2f740681350476cda03a28 upstream.

The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.

Signed-off-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-01 15:07:34 UTC
CVE-2009-2407 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2407):
  Heap-based buffer overflow in the parse_tag_3_packet function in
  fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel
  before 2.6.30.4 allows local users to cause a denial of service
  (system crash) or possibly gain privileges via vectors involving a
  crafted eCryptfs file, related to a large encrypted key size in a Tag
  3 packet.