ubuntu-hardened March 2013 archive
Main Archive Page > Month Archives  > ubuntu-hardened archives
ubuntu-hardened: [ubuntu-hardened] Security issues in the Linux

[ubuntu-hardened] Security issues in the Linux kernel before 3.3 (VFAT filesystem)

From: Daniel Curtis <sidetripping_at_nospam>
Date: Thu Mar 14 2013 - 13:56:45 GMT
To: ubuntu-hardened@lists.ubuntu.com

Hi,

I would like to know if CVE-2013-1773 vulnerability is fixed
in e.g. 3.2.0-38 kernel (Ubuntu 12.04)? I'm asking because this issue
(buffer overflow) was found in Linux kernels before 3.3.

This problem allows "*local users to gain privileges or cause
a denial of service (system crash) via a VFAT write operation
on a filesystem with the utf8 mount option, which is not properly
handled during UTF-8 to UTF-16 conversion*."

On a system where disk/images can be auto-mounted or a FAT
filesystem is mounted, then unprivileged user can gain root
privileges. So, is it fixed?

Best regards.

-- ubuntu-hardened mailing list ubuntu-hardened@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened