[ubuntu-hardened] Security issues in the Linux kernel before 3.3 (VFAT filesystem)

Daniel Curtis sidetripping at gmail.com
Thu Mar 14 13:56:45 UTC 2013


I would like to know if the CVE-2013-1773 vulnerability is fixed
in e.g. the 3.2.0-38 kernel (Ubuntu 12.04)? I'm asking because this issue
(buffer overflow) was found in Linux kernels before 3.3.

This problem allows "*local users to gain privileges or cause
a denial of service (system crash) via a VFAT write operation
on a filesystem with the utf8 mount option, which is not properly
handled during UTF-8 to UTF-16 conversion*."

On a system where disks/images can be auto-mounted or a FAT
filesystem is mounted, an unprivileged user can gain root
privileges. So, is it fixed?

Best regards.
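
Added example, not part of the original message: a shell check for the precondition the CVE description names, a VFAT filesystem mounted with the utf8 option, reported with whether the mount is writable. The function names and the sample lines are constructed for illustration; the same column layout lets it read /etc/fstab as well as /proc/mounts, and it says nothing about whether the running kernel carries the fix.

```shell
#!/bin/sh
# Added example: report vfat mounts that carry the "utf8" mount option.
# Input layout (same in /proc/mounts and /etc/fstab):
#   device  mountpoint  fstype  options  dump  pass

# vfat_utf8_mounts FILE   (FILE defaults to /proc/mounts, "-" reads stdin)
# Prints "<mountpoint> <rw|ro>" for every vfat entry whose option list
# contains the exact token "utf8". Mount points are printed as stored,
# so a space appears as the \040 escape.
vfat_utf8_mounts() {
    awk '
        /^[ \t]*#/ { next }                 # fstab comment lines
        $3 == "vfat" {
            n = split($4, opt, ",")
            utf8 = 0
            mode = "rw"                     # rw unless "ro" is listed
            for (i = 1; i <= n; i++) {
                if (opt[i] == "utf8") utf8 = 1
                if (opt[i] == "ro")   mode = "ro"
            }
            if (utf8) print $2, mode
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample input in /proc/mounts format (not real system data).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,uid=1000,utf8,flush 0 0
/dev/sdc1 /boot/efi vfat rw,relatime,fmask=0077,iocharset=iso8859-1 0 0
/dev/sdd1 /media/My\040Disk vfat ro,utf8 0 0
# /dev/sde1 /mnt/x vfat rw,utf8 0 0
EOF
}

# Stand-alone use: check the live mount table when it is readable.
if [ -r /proc/mounts ]; then
    vfat_utf8_mounts /proc/mounts
fi
```

An entry reported as rw is the case the description refers to, since the issue is reached through a VFAT write operation.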