ecryptfs: Extend array bounds for all filename chars
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Colin Ian King | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Medium
|
Colin Ian King | ||
Oneiric |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Colin Ian King |
Bug Description
SRU justification:
Impact:
From mhalcrow's original commit message:
Characters with ASCII values greater than the size of
filename_rev_map[] are valid filename characters.
ecryptfs_
that array, and ecryptfs_
those characters. The attacker, using the FNEK of the crafted file,
can then re-encrypt the characters to reveal the kernel memory past
the end of the filename_rev_map[] array. I expect low security
impact since this array is statically allocated in the text area,
and the amount of memory past the array that is accessible is
limited by the largest possible ASCII filename character.
Fix:
Upstream commit 0f751e641a71157
Note: This patch has already been picked up in Lucid as part of
the stable updates process, but got overlooked for Natty.
Related branches
CVE References
Changed in linux (Ubuntu): | |
assignee: | nobody → Colin King (colin-king) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Precise): | |
status: | In Progress → Fix Released |
Changed in linux (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Natty): | |
status: | New → Fix Committed |
This bug is awaiting verification that the kernel for Natty in -proposed solves the problem (2.6.38-13.57). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- natty' to 'verification- done-natty' .
If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!