mailing list archives
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
From: Attila Bogár <attila.bogar () linguamatics com>
Date: Thu, 22 Nov 2012 11:55:01 +0000
On Thu, 22 Nov 2012 10:48:05 +0100
A program that runs with higher privileges and executes mcrypt with external
user-controlled input possibly? Maybe a bit far fetched, but not impossible.
The problem I tried to solve, when discovered the overflow was:
- store encrypted parts of the filesystem recursively
- keep permissions and ownership informations
- bundling can't be used - must support incremental updates and delete
- burn into multi session rock ridge DVD /this is not relevant/
- restores the backup recursively from the DVD
Alice and Bob is using "find /dir -type f -exec mcrypt" for encrypt/decrypt as root.
What about if the DVD filenames have been tampered during transit... ...or encrypting user data, which can have any
Do not run mcrypt as root is not a valid answer, but I know it can be solved in userland.
Attila Bogár <attila.bogar () linguamatics com>
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert (Oct 19)