SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Util-linux Vendors:   kernel.org
Util-linux MBR Partition Parsing Bug Lets Physically Local Users Cause Denial of Service Conditions on the Target System
SecurityTracker Alert ID:  1036272
SecurityTracker URL:  http://securitytracker.com/id/1036272
CVE Reference:   CVE-2016-5011   (Links to External Site)
Date:  Jul 12 2016
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Util-linux. A local user can cause denial of service conditions on the target system.

A physically local user can connect a device with a specially crafted Master Boot Record (MBR) to the target system to trigger a partition table parsing error in the extended boot record and consume all available memory. This can be exploited to cause the target system to become unresponsive.

Christian Moch and Michael Gruhn reported this vulnerability.

Impact:   A physically local user can cause the target system to become unresponsive.
Solution:   The vendor has issued a source code fix, available at:

https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c3

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Resource error, State error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents

Subject:  [oss-security] CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS

--047d7b11203b0f3c5b05375961d1
Content-Type: text/plain; charset=UTF-8

Hi,

This is to disclose the following CVE:

CVE-2016-5011: util-linux: Extended partition loop in MBR partition table
leads to DoS

Description :
The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record (EBR).
If the next EBR starts at relative offset 0, parse_dos_extended() will loop
until running out of memory. An attacker could install a specially crafted
MSDOS partition table in a storage device and trick a user into using it.
This library is used, among others, by systemd-udevd daemon.

Upstream patch:
libblkid: ignore extended partition at zero offset
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c3

Impact: Low
CVSS3 scoring : AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

Reported by: Christian Moch & Michael Gruhn

Best Regards,

-- 
Cedric Buissart,
Product Security

--047d7b11203b0f3c5b05375961d1--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC