Kernel Fun

Linux 2.6.7 - 2.6.18.3 get_fdb_entries() function is vulnerable to an integer overflow condition. This could be abused to force memory allocation of an attacker controlled size. Successful exploitation could allow arbitrary code execution.

• More details and debugging information
  

The ReiserFS support code of Linux 2.6.x fails to properly handle crafted data structures, leading to an exploitable memory corruption condition when a sync is being done in a corrupted ReiserFS filesystem.

• More details
  
• Proof of concept: MOKB-25-11-2006.img.bz2

The NTFS filesystem module of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This issue is similar to that explained in MOKB-05-11-2006.

• More details and debugging information
• Proof of concept: MOKB-19-11-2006.img.bz2
• Linux 2.6.x ISO9660 __find_get_block_slow() denial of service

Linux 2.6.x minix filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when a crafted fs stream is being mounted.

• More details and debugging information
  
• Proof of concept: MOKB-17-11-2006.img.bz2
  

Linux 2.6.x gfs2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when a crafted stream is being mounted. This particular vulnerability is caused by a NULL pointer dereference in the init_journal function.

• More details
• Proof of concept: MOKB-15-11-2006.img.bz2

Failure to handle mounting of corrupt filesystem streams may lead to a local denial of service condition when SELinux hooks are enabled. This particular vulnerability is caused by a null pointer dereference in the superblock_doinit function.

• More details
• Proof of concept: MOKB-14-11-2006.img.bz2

Linux 2.6.x ext2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when read operation is being done on a crafted fs stream.

• More details
• Proof of concept: MOKB-12-11-2006.img.bz2

Linux 2.6.x ext3 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue with potential fs corruption, when a read operation is done on a crafted ext3 stream.

• More details
• Proof of concept: MOKB-10-11-2006.img.bz2

Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption. This particular vulnerability requires a filesystem (proof of concept for cramfs provided) to fail validation (ex. no integrity checking) of the binary stream in order to reach execution of zlib_inflate()

• More details and debug information
• Proof of concept: MOKB-07-11-2006.img.bz2

The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue.

• More details and debug information
  
• Proof of concept: MOKB-05-11-2006.iso.bz2

The squashfs module of the Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause the kernel to double free a buffer when a read operation is performed on the corrupted filesystem.

• http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
• Proof of concept: http://projects.info-pull.com/mokb/bug-files/MOKB-02-11-2006.img.gz