Buffer overflow in some filesystems via NFS

On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.

N/A

栈缓冲区溢出

FreeBSD 安全漏洞

FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞，该漏洞源于cd9660、tarfs和ext2fs文件系统中VOP_VPTOFH的实现会使目标FID缓冲区溢出4个字节，即堆栈缓冲区溢出。

N/A

N/A