[ubuntu-hardened] Security issues in the Linux kernel before 3.3 (VFAT filesystem)

Seth Arnold seth.arnold at canonical.com
Thu Mar 14 17:25:52 UTC 2013


On Thu, Mar 14, 2013 at 02:56:45PM +0100, Daniel Curtis wrote:
> I would like to know if the CVE-2013-1773 vulnerability is fixed
> in e.g. the 3.2.0-38 kernel (Ubuntu 12.04)? I'm asking because this issue
> (buffer overflow) was found in Linux kernels before 3.3.
> 
> This problem allows "*local users to gain privileges or cause
> a denial of service (system crash) via a VFAT write operation
> on a filesystem with the utf8 mount option, which is not properly
> handled during UTF-8 to UTF-16 conversion*."
> 
> On a system where disk/images can be auto-mounted or a FAT
> filesystem is mounted, an unprivileged user can gain root
> privileges. So, is it fixed?

We support many kernels over many series, so the answer can sometimes
be complicated. In this case, it's fair to say "mostly fixed":

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1773.html

There are some specific linux kernel packages that aren't yet updated,
but the majority of users should have the fix installed by now.

