Bug 1193830 (CVE-2014-9683) - CVE-2014-9683 kernel: buffer overflow in eCryptfs
Summary: CVE-2014-9683 kernel: buffer overflow in eCryptfs
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-9683
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1202155 1202156
Blocks: 1193831
TreeView+ depends on / blocked
 
Reported: 2015-02-18 11:08 UTC by Martin Prpič
Modified: 2021-02-17 05:38 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2015-07-22 19:33:27 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1272 0 normal SHIPPED_LIVE Moderate: kernel security, bug fix, and enhancement update 2015-07-22 11:56:25 UTC

Description Martin Prpič 2015-02-18 11:08:52 UTC
A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names.
A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Upstream fix:
-------------
 -> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc

Reference:
-----------
 -> http://seclists.org/oss-sec/2015/q1/582

Comment 2 Wade Mealing 2015-03-13 06:02:01 UTC
Statement:

This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 7; and kernel-rt packages as shipped with Red Hat Enterprise MRG 2 and Red Hat Enterprise Linux 7.

Comment 5 errata-xmlrpc 2015-07-22 08:40:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1272 https://rhn.redhat.com/errata/RHSA-2015-1272.html

Comment 6 tomsun 2015-08-24 08:24:09 UTC
(In reply to Wade Mealing from comment #2)
> Statement:
> 
> This issue did not affect versions of the Linux kernel as shipped with Red
> Hat Enterprise Linux 5 and 7; and kernel-rt packages as shipped with Red Hat
> Enterprise MRG 2 and Red Hat Enterprise Linux 7.

why not did affect to rhel 7, it has the seam code with rhel 6?

case 2:
			dst[dst_byte_offset++] |= (src_byte);
			dst[dst_byte_offset] = 0;
			current_bit_offset = 0;

3ks

Comment 7 Wade Mealing 2015-08-26 06:59:53 UTC
Gday Tomsun,

You're correct it does seem to have the same code as EL6, however the encryptfs code is not enabled on EL7.

You may see some similarly named CONFIG_ECRYPT_FS functions in the kernel are not included to be built.

/home/wmealing/rpmbuild/BUILD/kernel-3.10.0-229.el7/linux-3.10.0-229.el6.x86_64
[wmealing@work-desktop linux-3.10.0-229.el6.x86_64]$ cat .config |grep ECRYPT
# CONFIG_ECRYPT_FS is not set

You may however see similarly named symbols in the kernel:

[root@unused-9-133 ~]# cat /proc/kallsyms  |grep ecryptfs_|head -n 3
ffffffff81266f70 T ecryptfs_get_auth_tok_key
ffffffff81266f90 T ecryptfs_get_versions
ffffffff81266fc0 T ecryptfs_fill_auth_tok

But these are helper functions generated by CONFIG_ENCRYPTED_KEYS kernel config options, not be encryptfs itself.

If you have any further options, please open a ticket with a Red Hat support staff member.

Thanks.

Wade Mealing
Product Security


Note You need to log in before you can comment on or make changes to this bug.