Bug 494275 (CVE-2009-1439)
Field | Value
---|---
Summary | CVE-2009-1439 kernel: cifs: memory overwrite when saving nativeFileSystem field during mount
Product | [Other] Security Response
Component | vulnerability
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
Target Milestone | ---
Target Release | ---
Hardware | All
OS | Linux
Reporter | Eugene Teo (Security Response) <eteo>
Assignee | Red Hat Product Security <security-response-team>
CC | bhu, dhoward, jlayton, jpirko, jskrabal, kseifried, lgoncalv, lwang, mjc, rcvalle, tao, vgoyal, williams
Keywords | Security
Doc Type | Bug Fix
Story Points | ---
Last Closed | 2011-11-02 00:16:10 UTC
Type | ---
Regression | ---
Mount Type | ---
Documentation | ---
Category | ---
oVirt Team | ---
Cloudforms Team | ---
Bug Depends On | 494276, 494277, 494278, 494279, 494280
Description
Eugene Teo (Security Response)
2009-04-06 07:03:39 UTC
More references:
https://bugzilla.novell.com/show_bug.cgi?id=492282
http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1439 to the following vulnerability:

Name: CVE-2009-1439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
Assigned: 20090427
Reference: MLIST:[linux-cifs-client] 20090406 [PATCH] cifs: Fix insufficient memory allocation for nativeFileSystem field
Reference: URL: http://lists.samba.org/archive/linux-cifs-client/2009-April/004322.html
Reference: MLIST:[oss-security] 20090405 CVE request? buffer overflow in CIFS in 2.6.*
Reference: URL: http://www.openwall.com/lists/oss-security/2009/04/04/1
Reference: MLIST:[oss-security] 20090407 Re: CVE request? buffer overflow in CIFS in 2.6.*
Reference: URL: http://www.openwall.com/lists/oss-security/2009/04/07/7
Reference: MLIST:[oss-security] 20090407 Re: CVE request? buffer overflow in CIFS in 2.6.*
Reference: URL: http://www.openwall.com/lists/oss-security/2009/04/07/3
Reference: MISC: http://blog.fefe.de/?ts=b72905a8
Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=492282

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.

Update: These patches are needed too:
f083def68f84b04fe3f97312498911afce79609e (fix for b363b330)
27b87fe52baba0a55e9723030e76fce94fabcea4 (another issue)
313fecfa69bbad0a10d3313a50a89d3064f47ce1 (add cFYI messages)
22c9d52bc03b880045ab1081890a38f11b272ae7 (remove unneeded pointer)
to be patched on top of: b363b3304bcf68c4541683b2eff70b29f0446a5b.
http://git.kernel.org/linus/b363b3304bcf68c4541683b2eff70b29f0446a5b
http://git.kernel.org/linus/f083def68f84b04fe3f97312498911afce79609e
http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
http://git.kernel.org/linus/313fecfa69bbad0a10d3313a50a89d3064f47ce1
http://git.kernel.org/linus/22c9d52bc03b880045ab1081890a38f11b272ae7

It looks like this bug is fixed in the upstream 2.6.27.24 and 2.6.29.4 updates.

kernel-2.6.27.24-78.2.53.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kernel-2.6.27.24-78.2.53.fc9

kernel-2.6.27.24-170.2.68.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/kernel-2.6.27.24-170.2.68.fc10

kernel-2.6.27.24-170.2.68.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

kernel-2.6.27.24-78.2.53.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products: MRG for RHEL-5
Via RHSA-2009:1081 https://rhn.redhat.com/errata/RHSA-2009-1081.html

This issue has been addressed in following products: Red Hat Enterprise Linux 5
Via RHSA-2009:1106 https://rhn.redhat.com/errata/RHSA-2009-1106.html

This issue has been addressed in following products: Red Hat Enterprise Linux 4
Via RHSA-2009:1211 https://rhn.redhat.com/errata/RHSA-2009-1211.html

All children bugs have been closed, parent is no longer needed.
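As an added illustration of the bug class this report names (an allocation sized from a server-controlled string field), and not the fs/cifs/connect.c code or the upstream fix: the helper below copies NUL-terminated string fields out of a response buffer with the scan window limited by the bytes actually received, so that a long or unterminated nativeFileSystem field is rejected rather than written past its allocation. The two-field layout (service, then nativeFileSystem), the limits MAX_SERVICE and MAX_NATIVE_FS, and all function names are assumptions made for this example; the sample response bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this example; not values from the kernel or the report. */
#define MAX_SERVICE   32
#define MAX_NATIVE_FS 255

/* Bounded length scan: bytes before the first NUL, or `window` if no NUL
 * occurs within the first `window` bytes.  Written out instead of calling
 * strnlen() so the example compiles under strict ISO C. */
static size_t bounded_len(const unsigned char *buf, size_t window)
{
    size_t n = 0;
    while (n < window && buf[n] != '\0')
        n++;
    return n;
}

/* Copy a NUL-terminated string field out of a server-supplied buffer.
 *
 * `remaining` is how many bytes of the response really follow `buf`; `max_len`
 * is the longest value the caller accepts.  The scan window is limited by both,
 * and the allocation size is taken from the scan result, so a long or
 * unterminated field is rejected instead of being copied past the end of the
 * received data or into an undersized allocation.  Returns a heap-allocated
 * copy, or NULL if the field is malformed or memory is exhausted. */
char *copy_wire_string(const unsigned char *buf, size_t remaining, size_t max_len)
{
    size_t window = remaining < max_len + 1 ? remaining : max_len + 1;
    size_t len = bounded_len(buf, window);
    char *s;

    if (len == window)          /* no terminator inside the window: reject */
        return NULL;
    s = malloc(len + 1);        /* exact size: string plus its terminator */
    if (s == NULL)
        return NULL;
    memcpy(s, buf, len + 1);
    return s;
}

struct tcon_strings {
    char *service;
    char *native_fs;
};

/* Parse the string part of a Tree Connect response as modelled here: two
 * consecutive NUL-terminated fields, service and nativeFileSystem, inside
 * `byte_count` bytes.  Returns 0 and fills `out` on success, -1 on malformed
 * input (in which case nothing is left allocated). */
int parse_tcon_strings(const unsigned char *data, size_t byte_count,
                       struct tcon_strings *out)
{
    size_t off;

    out->service = NULL;
    out->native_fs = NULL;

    out->service = copy_wire_string(data, byte_count, MAX_SERVICE);
    if (out->service == NULL)
        return -1;

    off = strlen(out->service) + 1;          /* always <= byte_count here */
    out->native_fs = copy_wire_string(data + off, byte_count - off, MAX_NATIVE_FS);
    if (out->native_fs == NULL) {
        free(out->service);
        out->service = NULL;
        return -1;
    }
    return 0;
}

void free_tcon_strings(struct tcon_strings *t)
{
    free(t->service);
    free(t->native_fs);
    t->service = t->native_fs = NULL;
}

int main(void)
{
    /* Constructed response data: "A:" then "NTFS", each NUL-terminated. */
    const unsigned char good[] = "A:\0NTFS";
    /* Constructed hostile data: a valid service followed by a long
     * nativeFileSystem field with no terminator inside the response. */
    unsigned char bad[300];
    struct tcon_strings t;

    memset(bad, 'A', sizeof bad);
    bad[0] = 'A'; bad[1] = ':'; bad[2] = '\0';

    if (parse_tcon_strings(good, sizeof good, &t) == 0) {
        printf("service=%s nativeFileSystem=%s\n", t.service, t.native_fs);
        free_tcon_strings(&t);
    }
    printf("hostile response rejected: %s\n",
           parse_tcon_strings(bad, sizeof bad, &t) == -1 ? "yes" : "no");
    return 0;
}
```

The point of the design is that every size used for allocation and copying is derived from the bytes that were actually received, never from a length the peer declared; a field that does not terminate within the response fails the parse instead of being partially copied.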