Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2011 21:36:20 -0700
From: Kurt Seifried <>
Subject: Re: CVE Request -- kernel: nfs4_getfacl decoding kernel

On 11/11/2011 09:48 AM, Petr Matousek wrote:
> "nfs4_getfacl decoding causes a kernel Oops when a server returns more
> than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute
> request.
> While the NFS client only asks for one attribute (FATTR4_ACL) in the
> first bitmap word, the NFSv4 protocol allows for the server to return
> unbounded bitmaps (more than two)."
> Upstream commit:
> e5012d1f3861d18c7f3814e757c1c3ab3741dbcd - incomplete, handles only the
> case when 2 words are expected and 3 are returned
> Proposed complete upstream patch:
> Reference:
> Credit: Andy Adamson
> Thanks,
Please use CVE-2011-4131 for this issue


-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ