Bugzilla – Bug 988361
VUL-1: CVE-2016-5011: util-linux: extended partition loop in MBR partition table leads to DoS
Last modified: 2020-09-24 13:23:32 UTC
http://seclists.org/oss-sec/2016/q3/36

CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS

Description:
The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record (EBR). If the next EBR starts at relative offset 0, parse_dos_extended() will loop until running out of memory. An attacker could install a specially crafted MSDOS partition table in a storage device and trick a user into using it. This library is used, among others, by systemd-udevd daemon.

Upstream patch:
libblkid: ignore extended partition at zero offset
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c3

Impact: Low
CVSS3 scoring: AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

Reported by: Christian Moch & Michael Gruhn

From https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f

libblkid: ignore extended partition at zero offset

If the extended partition starts at zero LBA then MBR is interpreted as EBR and all is recursively parsed... result is out-of-memory.

MBR --extended-partition--> EBR --> MBR --> ENB --> MBR ...

Note that such PT is not possible to create by standard partitioning tools.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1349536
Signed-off-by: Karel Zak <kzak@redhat.com>

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1349536
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5011
http://seclists.org/oss-sec/2016/q3/36
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c3
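The check that the description and commit message above call for, as an added example that is not part of this bug report and is not util-linux code: walk the MBR/EBR chain of an in-memory disk image, reject an extended partition or EBR link at offset zero, and cap the chain length. The names check_ebr_chain, sample_result, MAX_EBR and the return codes are assumptions; unlike the upstream patch, which ignores such an entry, this version reports it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SECTOR 512
#define PT_OFF 446   /* partition table offset inside an MBR/EBR sector */
#define MAX_EBR 100  /* assumed cap on chain length */
enum { CHAIN_OK = 0, CHAIN_ZERO_OFFSET = -1, CHAIN_TOO_LONG = -2, CHAIN_OUT_OF_RANGE = -3 };

static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* First non-empty extended entry (types 0x05, 0x0f, 0x85) in a sector, or NULL. */
static const uint8_t *find_ext(const uint8_t *sec) {
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + PT_OFF + 16 * i;
        if ((e[4] == 0x05 || e[4] == 0x0f || e[4] == 0x85) && le32(e + 12))
            return e;
    }
    return NULL;
}

/* Walk MBR -> EBR -> EBR ... over an in-memory image of nsec sectors. */
int check_ebr_chain(const uint8_t *img, size_t nsec) {
    const uint8_t *e = nsec ? find_ext(img) : NULL;
    if (!e) return CHAIN_OK;                        /* no extended partition */
    uint64_t ext_start = le32(e + 8), cur = ext_start;
    if (ext_start == 0) return CHAIN_ZERO_OFFSET;   /* MBR would be re-read as EBR */
    for (int n = 0; n < MAX_EBR; n++) {
        if (cur >= nsec) return CHAIN_OUT_OF_RANGE;
        e = find_ext(img + (size_t)cur * SECTOR);
        if (!e) return CHAIN_OK;                    /* no link entry: chain ends */
        uint32_t rel = le32(e + 8);                 /* relative to ext_start */
        if (rel == 0) return CHAIN_ZERO_OFFSET;     /* next EBR at relative offset 0 */
        cur = ext_start + rel;
    }
    return CHAIN_TOO_LONG;                          /* cycle or absurdly long chain */
}

/* Constructed 4-sector sample: MBR extended entry at ext_lba, EBR at sector 1 links to rel. */
int sample_result(uint32_t ext_lba, uint32_t rel) {
    static uint8_t img[4 * SECTOR];
    uint8_t mbr[16] = {0, 0, 0, 0, 0x05, 0, 0, 0, (uint8_t)ext_lba, 0, 0, 0, 3, 0, 0, 0};
    uint8_t lnk[16] = {0, 0, 0, 0, 0x05, 0, 0, 0, (uint8_t)rel, 0, 0, 0, 1, 0, 0, 0};
    memset(img, 0, sizeof img);
    memcpy(img + PT_OFF, mbr, 16);
    memcpy(img + SECTOR + PT_OFF + 16, lnk, 16);    /* second slot of the EBR */
    return check_ebr_chain(img, 4);
}
int main(void) { return sample_result(1, 1) != CHAIN_OK; }
```

The length cap matters independently of the zero-offset test, because a link with a non-zero relative offset can still point back at an EBR already visited.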
bugbot adjusting priority
Fix submitted for SLE 12 SP2:
https://build.suse.de/request/show/117756
Fix added to the planned update of util-linux:
Leap 42.1 (just a copy of SLE 12 SP1):
https://build.opensuse.org/project/monitor/home:sbrabec:branches:util-linux-round4
SLE 12, SLE 12 SP1:
https://build.suse.de/project/monitor/home:sbrabec:branches:util-linux-round4
Factory will be fixed with the next version update.
openSUSE 13.2: Please let me know whether you want the fix there.
SUSE-SU-2016:2764-1: An update that solves one vulnerability and has 7 fixes is now available.
Category: security (moderate)
Bug References: 947494,966891,978993,982331,983164,987176,988361,994399
CVE References: CVE-2016-5011
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): util-linux-2.25-37.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): util-linux-2.25-37.1
SUSE Linux Enterprise Server 12-SP1 (src): python-libmount-2.25-37.1, util-linux-2.25-37.1, util-linux-systemd-2.25-37.1
SUSE Linux Enterprise Desktop 12-SP1 (src): python-libmount-2.25-37.1, util-linux-2.25-37.1, util-linux-systemd-2.25-37.1
openSUSE-SU-2016:2840-1: An update that solves one vulnerability and has 7 fixes is now available.
Category: security (moderate)
Bug References: 947494,966891,978993,982331,983164,987176,988361,994399
CVE References: CVE-2016-5011
Sources used:
openSUSE Leap 42.1 (src): python-libmount-2.25-18.2, util-linux-2.25-18.1, util-linux-systemd-2.25-18.1
SUSE-SU-2016:2954-1: An update that solves one vulnerability and has 6 fixes is now available.
Category: security (moderate)
Bug References: 947494,966891,982331,987176,988361,990531,994399
CVE References: CVE-2016-5011
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src): util-linux-2.28-42.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): util-linux-2.28-42.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): python-libmount-2.28-42.4, util-linux-2.28-42.1, util-linux-systemd-2.28-42.3
SUSE Linux Enterprise Server 12-SP2 (src): python-libmount-2.28-42.4, util-linux-2.28-42.1, util-linux-systemd-2.28-42.3
SUSE Linux Enterprise Desktop 12-SP2 (src): python-libmount-2.28-42.4, util-linux-2.28-42.1, util-linux-systemd-2.28-42.3
openSUSE-SU-2016:3102-1: An update that solves one vulnerability and has 6 fixes is now available.
Category: security (moderate)
Bug References: 947494,966891,982331,987176,988361,990531,994399
CVE References: CVE-2016-5011
Sources used:
openSUSE Leap 42.2 (src): python-libmount-2.28-7.2, util-linux-2.28-7.1, util-linux-systemd-2.28-7.1
SUSE-SU-2017:0553-1: An update that solves two vulnerabilities and has 11 fixes is now available.
Category: security (important)
Bug References: 1008965,1012504,1012632,1019332,1020077,1023041,947494,966891,978993,982331,983164,987176,988361
CVE References: CVE-2016-5011,CVE-2017-2616
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src): python-libmount-2.25-24.10.3, util-linux-2.25-24.10.1, util-linux-systemd-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS (src): python-libmount-2.25-24.10.3, util-linux-2.25-24.10.1, util-linux-systemd-2.25-24.10.1
Released.