Security-Enhanced Linux Buffer Overflow Vulnerability

Security-Enhanced Linux is an add-on access control infrastructure developed and distributed by the U.S. National Security Agency. A problem exists which could allow the altering of sensitive information on a running system.

The problem occurs in the libsecure/get_default_type.c file. get_default_type attempts to allocate buffer space by extracting the default type from /etc/security/default_type and copying the result to a buffer. The buffer that is created, however, is generally one byte too small and creates an ideal situation for a buffer overflow attack. This vulnerability can be exploited by a malicious user to potentially overwrite malloc()'d fields that may contain other application data, or overhead data that another application was relying upon.


Privacy Statement
Copyright 2010, SecurityFocus