78226 : Linux Kernel fs/xfs/xfs_acl.c xfs_acl_from_disk() Function Memory Corruption
Printer | http://osvdb.org/78226 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
6	768	over 1 year ago	4 months ago	6 times	45%

This Entry needs help! It is only 45% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Timeline

Disclosure Date
2012-01-10

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0038" target="_blank">CVE</a>)</em> : Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.

Classification

Location: Physical Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch in the GIT repository to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Unknown or Incomplete

References

Security Tracker: 1026512
CVE ID: 2012-0038 (see also: NVD)
SCIP VulDB ID: 4536
Secunia Advisory ID: 47488 47830 47900 47974 48015 48018 48155 48267 48272 48287 48292 48294 48306 48311 48313 48655 49733 49736 51188
Bugtraq ID: 51380
Vendor Specific Solution URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba
Other Advisory URL: http://kqueue.org/blog/2012/01/10/cve-2012-0038-xfs-acl-count-integer-overflow/
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00001.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00002.html
http://wiki.openvz.org/Download/kernel/rhel6/042stab053.5
http://www.ubuntu.com/usn/usn-1356-1/
http://www.ubuntu.com/usn/usn-1361-1/
http://www.ubuntu.com/usn/usn-1362-1/
http://www.ubuntu.com/usn/usn-1363-1/
http://www.ubuntu.com/usn/usn-1364-1/
http://www.ubuntu.com/usn/usn-1384-1/
http://www.ubuntu.com/usn/usn-1386-1/
http://www.ubuntu.com/usn/usn-1387-1/
http://www.ubuntu.com/usn/usn-1388-1/
http://www.ubuntu.com/usn/usn-1389-1/
http://www.ubuntu.com/usn/usn-1391-1/
http://www.ubuntu.com/usn/usn-1394-1/
https://hermes.opensuse.org/messages/15023693
RedHat RHSA: RHSA-2012:0333 RHSA-2012:0350 RHSA-2012:1042

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 4.9
Source: nvd.nist.gov | Generated: 2012-05-17 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.