CVE-2016-8633: Buffer Overflow

First published: Thu Nov 03 2016(Updated: )

A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. In general, IP packets enclosed in the firewire frames are completely in spec. In situations when firewire and ipv4 networking is used, the systems are frequently a part of clustering sofware. They would be daisy chained from a single machine with a network connection: GATEWAY &lt;-&gt; HOST1 &lt;-&gt; HOST2 &lt;-&gt; HOST3 &lt;-&gt; HOSTN. So, the gateway could be connected to the internet, and this is how fragmented packets could get to the system. So, while arbitrary code execution is possible, the hardware configuration required for this is special and rare. Proposed patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/ieee1394/linux1394.git/commit/?h=testing&amp;id=ff89027279ec57d69797cbae7c681672f1dbea71">https://git.kernel.org/cgit/linux/kernel/git/ieee1394/linux1394.git/commit/?h=testing&amp;id=ff89027279ec57d69797cbae7c681672f1dbea71</a> An upstream patch and merge: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9db">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9db</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=03daa36f089f">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=03daa36f089f</a> Public message: <a href="http://seclists.org/oss-sec/2016/q4/347">http://seclists.org/oss-sec/2016/q4/347</a> A research on the flaw: <a href="https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/">https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/</a>

Credit: secalert@redhat.com secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/first-publish-date
• collector/launchpad-cve
• source/Launchpad
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2016-8633
• agent/author
• agent/severity
• agent/weakness
• collector/mitre-cve
• source/MITRE
• collector/usn-cve
• source/Ubuntu
• agent/references
• agent/remedy
• agent/tags
• agent/description
• agent/event
• collector/nvd-cve
• source/NVD
• agent/software-canonical-lookup
• agent/last-modified-date
• collector/security-tracker-debian
• source/Debian
• agent/softwarecombine
• agent/trending
• vendor/linux
• canonical/linux linux kernel
• version/linux linux kernel/4.8.6
• package-manager/debian