    [PATCH] isofs buffer overflow fix · 6b4e4b90
    Dave Jones authored
    Merged in 2.4, and various vendor kernels.
    
      iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
      An attacker could create a malicious filesystem in such a way that they
      could gain root privileges if that filesystem is mounted. The Common
      Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
      CAN-2004-0109 to this issue.
    
    Ernie Petrides came up with the following patch which I fixed up a slight
    reject in to apply to 2.6. Otherwise, unchanged from the 2.4 patch.
rock.c 14.4 KB