Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Linux ISO9660 handling flaws

from [Michal Zalewski] Network Security [Permanent Link]
Subject: Linux ISO9660 handling flaws
Date: Thu, 17 Mar 2005 22:36:45 +0100 (CET) 
Good morning,

There appears to be a fair number of kernel-level range checking flaws in
ISO9660 filesystem handler (and Rock Ridge / Juliet extensions) in Linux
up to and including 2.6.11. These bugs range from DoS conditions to
potentially exploitable memory corruption - all this whenever a specially
crafted filesystem is mounted or directories are examined.

Most apparent flaws are expected to be fixed in Linux 2.6.12 (rc to show
up by tomorrow or so), although, as per Linus words, "that code is
horrid", and it may take some time to work out all the issues.

The impact is not dramatic, but there are two obvious ways such flaws can
be used to benefit remote attackers:

  1) Bugs in removable media filesystems may be used to automatically
     compromise any system whose owner decided to examine a newly acquired
     CD-ROM, even if extreme caution is observed (that is, autorun is
     disabled, and no files are executed).

  2) For all types of filesystems, such problems can be additionally used
     to subvert forensic analysis efforts. Disk images from compromised
     machine may infect forensic examiner's system and alter results,
     or simply render the machine unusable.

Attached is a trivial fuzz script that can be used to test fs drivers
against most obvious fault conditions. With little effort, it can be
further altered to test filesystems other than ISO9660, and OSes other
than Linux.

Regards,
Michal Zalewski

Obligatory plug: http://lcamtuf.coredump.cx/silence/

Attachment: cdmangle
Description: Text document

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Linux ISO9660 handling flaws, Michal Zalewski <=
Previous by Date:  [VulnWatch] LLSSRV Redux, Dave Aitel
Next by Date:  [VulnWatch] Details of Sybase ASE bugs withheld, NGSSoftware Insight Security Research
Previous by Thread:  [VulnWatch] LLSSRV Redux, Dave Aitel
Next by Thread:  [VulnWatch] Details of Sybase ASE bugs withheld, NGSSoftware Insight Security Research
Indexes:  [Date] [Thread] [Top] [All Lists]