295652 – (CVE-2009-4020) Kernel: hfs filesystem buffer overflow (CVE-2009-4020)

Bug 295652 (CVE-2009-4020) - Kernel: hfs filesystem buffer overflow (CVE-2009-4020)

Summary: Kernel: hfs filesystem buffer overflow (CVE-2009-4020)

Status:	RESOLVED FIXED

Alias:	CVE-2009-4020

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://userweb.kernel.org/~akpm/mmotm...
Whiteboard:	[linux <2.6.33] [gp <2.6.31-8] [gp >=...
Keywords:	InVCS

Depends on:
Blocks:

Reported:	2009-12-04 13:05 UTC by Bjoern Tropf (RETIRED)
Modified:	2013-09-15 18:47 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bjoern Tropf (RETIRED) gentoo-dev

2009-12-04 13:05:34 UTC

Cve pending...

Comment 1 Bjoern Tropf (RETIRED) gentoo-dev

2009-12-04 13:11:12 UTC

@Kernel ->  Please fix this vulnerability in the next release. (2.6.32 is affected)

Comment 2 Bjoern Tropf (RETIRED) gentoo-dev

2009-12-04 14:08:55 UTC

Let's assume this will be fixed in 2.6.33 at least.

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2009-12-12 00:58:21 UTC

CVE-2009-4020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4020):
  Stack-based buffer overflow in the hfs subsystem in the Linux kernel
  2.6.32 allows remote attackers to have an unspecified impact via a
  crafted Hierarchical File System (HFS) filesystem, related to the
  hfs_readdir function in fs/hfs/dir.c.