Linux Kernel ISO9660 File System Buffer Overflow Vulnerability

It has been reported that the Linux kernel is prone to a local ISO9660 file system buffer overflow vulnerability. The issue is due to a failure of the kernel to properly validate buffer boundaries when processing file system information. To exploit it, an attacker must have adequate permissions to mount the malicious file system; such permissions are not enabled by default on a number of available Linux distributions.

This issue may be exploited by an attacker to overflow and modify kernel memory, potentially allowing the attacker to create an arbitrary data structure in kernel memory. It may be leveraged to gain kernel-level access to the affected system.
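
The mount-permission precondition described above can be audited on a host. The following is an added example, not part of the original advisory: it lists fstab entries whose type accepts ISO9660 and whose options delegate mounting to non-root users. It assumes /etc/fstab is the only delegation path (automounters and setuid mount helpers are not covered), and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: report fstab entries that let a non-root user mount an
# ISO9660 file system. Usage: user_mountable_iso9660 [fstab-path]
user_mountable_iso9660() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        NF < 4         { next }     # not a complete fstab entry
        {
            # Field 3: file system type, possibly a comma list such as
            # "udf,iso9660". "auto" makes mount probe the media, so an
            # ISO9660 image is accepted there too.
            fs_hit = 0
            n = split($3, types, ",")
            for (i = 1; i <= n; i++)
                if (types[i] == "iso9660" || types[i] == "auto") fs_hit = 1
            if (!fs_hit) next

            # Field 4: mount options. user, users, owner and group each
            # delegate mounting to non-root accounts (see mount(8)).
            # Simplification: a later "nouser" override is not resolved.
            m = split($4, opts, ",")
            for (j = 1; j <= m; j++)
                if (opts[j] == "user" || opts[j] == "users" ||
                    opts[j] == "owner" || opts[j] == "group") {
                    print $1, $2, "type=" $3, "opts=" $4
                    next
                }
        }
    ' "${1:-/etc/fstab}"
}

# Constructed sample fstab (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device     mountpoint    type         options          dump pass
/dev/sda1    /             ext4         defaults         0 1
/dev/cdrom   /media/cdrom  iso9660      ro,user,noauto   0 0
/dev/sr1     /mnt/dvd      udf,iso9660  ro,noauto        0 0
/dev/fd0     /media/flop   auto         rw,users,noauto  0 0
/dev/sdb1    /mnt/usb      vfat         rw,user,noauto   0 0
EOF
user_mountable_iso9660 "$sample"
rm -f "$sample"
```

Entries it reports can be restricted by removing the delegating option so that only root can mount the device.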


 

Copyright 2010, SecurityFocus