Dave Jones authored
Merged in 2.4, and various vendor kernels.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.

Ernie Petrides came up with the following patch which I fixed up a slight reject in to apply to 2.6. Otherwise, unchanged from the 2.4 patch.
6b4e4b90