[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ntfs-dev
Subject: Re: [Linux-NTFS-Dev] Multiple Memory Corruption Issues in ntfs.ko (Linux 4.15.0-15.16)
From: Anton Altaparmakov <anton () tuxera ! com>
Date: 2018-04-19 11:16:19
Message-ID: 232D3866-79E6-4363-9A9A-5FBBD177D62B () tuxera ! com
[Download RAW message or body]
Hi Sergej,
Thanks for the report, images and logs. I tried the first one and can confirm it \
crashes. I will work on fixing them all.
Best regards,
Anton
> On 18 Apr 2018, at 19:33, Sergej Schumilo <sergej@schumilo.de> wrote:
>
> Dear all,
> after reporting the following bugs to the Ubuntu security team, we were asked to \
> report them directly to the kernel developers. I have attached the original bug \
> report as well as a link to a zip archive containing all relevant files (including \
> all oops and KASAN reports and the causing NTFS images).
> https://ruhr-uni-bochum.sciebo.de/s/C4yAaseXggUGaVu/download
>
> ——————————————————————
>
> Dear all,
> The following memory corruption issues in ntfs.ko (such as use-after-frees, stack- \
> and heap-out-of-bounds accesses and BUG_ON / BUG assertion fails) were found by a \
> modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have \
> attached the causing NTFS filesystem image, the dmesg reports, KASAN reports and \
> the source code of a simple mounting tool to reproduce those issues \
> (ntfs_inject.c).
> A local users who have been granted the privileges necessary to mount filesystems \
> (or a system components which auto mounts filesystems) could trigger a kernel oops, \
> a kernel panic (depending on panic_on_oops) or exploit those bugs to raise \
> privileges.
> We can verify this issues for Linux 4.15.0-15.16 (Ubuntu 16.04.4 LTS / sources from \
> "pull-lp-source linux").
> Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität Bochum)
>
> Best regards,
> Sergej Schumilo
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Linux-NTFS-Dev mailing list
> Linux-NTFS-Dev@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-ntfs-dev
--
Anton Altaparmakov <anton at tuxera.com> (replace at with @)
Lead in File System Development, Tuxera Inc., http://www.tuxera.com/
Linux NTFS maintainer
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Linux-NTFS-Dev mailing list
Linux-NTFS-Dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-ntfs-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic