ubuntu-hardened March 2013 archive

Re: [ubuntu-hardened] Security issues in the Linux kernel before 3.3 (VFAT filesystem)

From: Seth Arnold <seth.arnold_at_nospam>
Date: Thu Mar 14 2013 - 17:25:52 GMT
To: ubuntu-hardened@lists.ubuntu.com

On Thu, Mar 14, 2013 at 02:56:45PM +0100, Daniel Curtis wrote:
> I would like to know if CVE-2013-1773 vulnerability is fixed
> in e.g. 3.2.0-38 kernel (Ubuntu 12.04)? I'm asking because this issue
> (buffer overflow) was found in Linux kernels before 3.3.
>
> This problem allows "*local users to gain privileges or cause
> a denial of service (system crash) via a VFAT write operation
> on a filesystem with the utf8 mount option, which is not properly
> handled during UTF-8 to UTF-16 conversion*."
>
> On a system where disks/images can be auto-mounted or a FAT
> filesystem is mounted, an unprivileged user can gain root
> privileges. So, is it fixed?

We support many kernels over many series, so the answer can sometimes
be complicated. In this case, it's fair to say "mostly fixed":

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1773.html

There are some specific linux kernel packages that aren't yet updated,
but the majority of users should have the fix installed by now.

--
ubuntu-hardened mailing list
ubuntu-hardened@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened