Back to list
[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
May 16 2012 02:04PM
Timo Warns (warns pre-sense de)
PRE-CERT Security Advisory
* Advisory: PRE-SA-2012-03
* Released on: 10 May 2012
* Affected product: Linux Kernel 3.3.x <= 3.3.4
2.6.x <= 18.104.22.168
* Impact: code execution / privilege escalation
* Origin: HFS plus file system
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2012-2319
The Linux kernel contains a vulnerability in the driver for HFS plus
file systems that may be exploited for code execution or privilege
A specially-crafted HFS plus filesystem can cause a buffer overflow via
the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c). The
hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and
hfsplus_readdir() (in fs/hfsplus/dir.c)
call hfs_bnode_read() with values that result in a memcpy() call with
a fixed-length destination buffer and both, a source buffer and length,
that are read from the filesystem without sufficient validation.
The buffer overflows were previously fixed in the HFS filesystem driver
and have been assigned CVE-2009-4020
(commit ec81aecb29668ad71f699f4e7b96ec46691895b6 ).
Commit 6f24f892871acc47b40dd594c63606a17c714f77 ("hfsplus: fix
a potential buffer overflow")  also fixes the issue in the HFS plus
Compile and use a kernel that does not support the HFS plus file system.
The corresponding configuration key is CONFIG_HFSPLUS_FS.
A patch is available at
The issue has been fixed in Linux 3.3.5.
When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:
PRE-CERT can be reached under precert (at) pre-secure (dot) de. [email concealed] For PGP key
information, refer to http://www.pre-cert.de/.
[ reply ]
Copyright 2010, SecurityFocus