U-080: Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

January 12, 2012 - 9:00am

PROBLEM:

Linux Kernel XFS Heap Overflow May Let Remote Users Execute Arbitrary Code

PLATFORM:

Linux

ABSTRACT:

A vulnerability was reported in the Linux Kernel. A remote user can cause arbitrary code to be executed on the target user's system.

REFERENCE LINKS:

Linux Kernel Update
SecurityTracker Alert ID: 1026512
CVE-2012-0038
Red Hat Bugzilla Bug 773280

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can create a filesystem that, when mounted by the target user, will execute arbitrary code on the target user's system.

Impact:

A remote user can create a specially crafted filesystem that, when mounted by the target user, will trigger an integer overflow in the ACL handling code, which may lead to a heap overflow and potentially execute arbitrary code on the target system.
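The integer-overflow-to-heap-overflow pattern described above, as an added example that is not kernel code and not taken from the advisory: a parser sizes an entry list from a count read off untrusted disk data. The on-disk layout, the 25-entry cap and all names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk ACL entry, for illustration only (not the XFS format). */
struct disk_ace { uint32_t tag; uint32_t id; uint16_t perm; uint16_t pad; }; /* 12 bytes */
#define ACL_MAX_ENTRIES 25u  /* assumed cap chosen for this example */

/* Size computed in 32-bit arithmetic: the product wraps for large counts,
 * so a huge count can yield a tiny allocation size. */
uint32_t acl_size_unchecked(uint32_t count)
{
    return (uint32_t)sizeof(uint32_t) + count * (uint32_t)sizeof(struct disk_ace);
}

/* Hardened form: bound the count first, then confirm the buffer holds it.
 * Returns 0 and sets *out on success, -1 if the header cannot be trusted. */
int acl_size_checked(uint32_t count, size_t buf_len, size_t *out)
{
    if (count > ACL_MAX_ENTRIES) return -1;
    size_t need = sizeof(uint32_t) + (size_t)count * sizeof(struct disk_ace);
    if (need > buf_len) return -1;
    *out = need;
    return 0;
}

/* Parse a buffer laid out as [u32 count][count entries]; NULL on bad input. */
struct disk_ace *acl_parse(const uint8_t *buf, size_t buf_len, uint32_t *n_out)
{
    uint32_t count;
    size_t need;
    if (buf_len < sizeof(count)) return NULL;
    memcpy(&count, buf, sizeof(count));
    if (acl_size_checked(count, buf_len, &need) != 0) return NULL;
    struct disk_ace *aces = calloc(count ? count : 1, sizeof(*aces));
    if (!aces) return NULL;
    memcpy(aces, buf + sizeof(count), (size_t)count * sizeof(*aces));
    *n_out = count;
    return aces;
}

int main(void)
{
    uint32_t big = 0x15555556u;  /* constructed value: 12 * big == 2^32 + 8 */
    size_t need = 0;
    printf("unchecked size: %u bytes\n", (unsigned)acl_size_unchecked(big));
    printf("checked result: %d\n", acl_size_checked(big, 4096, &need));
    return 0;
}
```

The unchecked size wraps to 12 bytes for the constructed count, which is how a later per-entry copy would run past the allocation; the checked path rejects the header before any allocation happens.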

Solution:

A source code fix is available at: Latest Linux Kernel.