Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities
The MOXA serial driver in the Linux kernel is reported prone to multiple buffer-overflow vulnerabilities. The driver fails to perform proper bounds checks before copying user-supplied data to fixed-size memory buffers. These vulnerabilities reside in the 'drivers/char/moxa.c' file. The vulnerable functions perform a 'copy_from_user()' call to copy user-supplied, user-space data to a fixed-size, static kernel memory buffer (moxaBuff) of 10240 bytes in length while using the user-supplied length argument as passed from 'MoxaDriverIoctl()'. This reportedly results in improperly bounded operations, potentially causing locally exploitable buffer overflows. Linux kernels from 2.2 through 2.4 and 2.6 are all reported prone to these vulnerabilities.
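The copy pattern described above next to a bounded form, as an added example that is not code from 'drivers/char/moxa.c' or from this advisory. It is a user-space simulation: the names copy_from_user_sim, load_unchecked and load_checked, and the signed int length, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MOXA_BUF_SIZE 10240  /* size of moxaBuff given in the advisory */

unsigned char moxaBuff[MOXA_BUF_SIZE];  /* fixed-size, static destination */

/* User-space stand-in (assumption) for the kernel's copy_from_user();
 * like the real call it returns the number of bytes NOT copied. */
unsigned long copy_from_user_sim(void *to, const void *from, unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* Pattern the advisory describes: the caller's length is used as-is.
 * Kept for contrast only; nothing in this example calls it. */
int load_unchecked(const void *ubuf, int len)
{
    if (copy_from_user_sim(moxaBuff, ubuf, len))
        return -EFAULT;
    return 0;
}

/* Hardened form: reject negative and oversized lengths before copying. */
int load_checked(const void *ubuf, int len)
{
    if (len < 0 || (size_t)len > sizeof(moxaBuff))
        return -EINVAL;
    if (copy_from_user_sim(moxaBuff, ubuf, (unsigned long)len))
        return -EFAULT;
    return 0;
}

int main(void)
{
    static unsigned char src[MOXA_BUF_SIZE + 1];  /* constructed input */
    memset(src, 0x41, sizeof(src));
    printf("exact fit: %d\n", load_checked(src, MOXA_BUF_SIZE));
    printf("one over:  %d\n", load_checked(src, MOXA_BUF_SIZE + 1));
    printf("negative:  %d\n", load_checked(src, -1));
    return 0;
}
```

The negative-length check matters when the length is a signed type: converted to the unsigned size that a copy routine takes, a negative value becomes a very large one.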