oss-sec mailing list archives
Buffer overflows in fsck may become security issues
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Tue, 8 Mar 2011 09:33:38 +0100
Hi, A buffer overflow in dosfsck caught my attention recently. Don't worry, it's harmless and already fixed upstreamĀ¹. However, it turned out that udisks has a dbus method that by default allows the user on the active console to run fsck on removable media. fsck is run as root in this case. I haven't checked whether fsck is run automatically in any environment. However, since some desktops automatically mount removeable media it seems logical to call fsck first. So overflows in the various fsck binaries could allow local privilege escalation. cu Ludwig [1] http://git.debian-maintainers.org/?p=daniel/dosfstools.git;a=commitdiff;h=a9055613f0d826021db65c79c2df87ac91e89215 -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- Buffer overflows in fsck may become security issues Ludwig Nussel (Mar 08)