source: http://www.securityfocus.com/bid/2180/info ReiserFS is a file system alternative to the Linux ext2 file system. It was originally written by Hans Reiser, and is freely available and publicly maintained. A problem has been reported in the handling of long file names with ReiserFS version 3.5.28 on SuSE Linux distribution 7.0. It is possible to create a directory with a long file name (the initial example displayed a directory with 768 characters), then attempt to list the file system using system binary ls or with built in shell function echo and create a Denial of Service. Upon attempting to list or echo the contents of the filesystem, a kernel buffer overflow occurs, overwriting variables on the stack including possibly the return address, as well as crashing the system. It may be possible for a malicious user to execute arbitrary code, deny service to legitimate users, and potentially break out of a chroot environment. This vulnerability is yet unverified. mkdir "$(perl -e 'print "x" x 768')"
Related ExploitsTrying to match CVEs (1): CVE-2001-0172
Trying to match OSVDBs (1): 13800
Other Possible E-DB Search Terms: ReiserFS 3.5.28 (Linux Kernel), ReiserFS 3.5.28, ReiserFS
|2010-04-09||ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Local Privilege Escalation||Jon Oberheide|
|2017-06-02||reiserfstune 3.6.25 - Local Buffer Overflow||Nassim Asrir|