Sunday, November 05, 2006

MOKB-05-11-2006: Linux 2.6.x ISO9660 __find_get_block_slow() denial of service

The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue.
Uncompress, burn, plug, mayhem.

"The sky fell down when I plugged it,
The green of the wallpaper countryside has turned to blue,
I had the CD right on my fingertips,
...
Frank Sinatra, "The Sky Fell Down" (
remix).