Date: Sun, 13 Nov 2011 08:54:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops

On 11/11/2011 09:36 PM, Kurt Seifried wrote:
> On 11/11/2011 09:48 AM, Petr Matousek wrote:
>> "nfs4_getfacl decoding causes a kernel Oops when a server returns more
>> than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute
>> request.
>>
>> While the NFS client only asks for one attribute (FATTR4_ACL) in the
>> first bitmap word, the NFSv4 protocol allows for the server to return
>> unbounded bitmaps (more than two)."
>>
>> Upstream commit:
>> e5012d1f3861d18c7f3814e757c1c3ab3741dbcd - incomplete, handles only the
>> case when 2 words are expected and 3 are returned
>>
>> Proposed complete upstream patch:
>> http://www.spinics.net/lists/linux-nfs/msg25288.html
>>
>> Reference:
>> https://bugzilla.redhat.com/show_bug.cgi?id=747106
>>
>> Credit: Andy Adamson
>>
>> Thanks,
> Please use CVE-2011-4131 for this issue
>
With apologies, I replied to the same message twice, the correct CVE
assignment should be:

CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops (correct for
this email)

The second one, CVE-2011-4132, is for kernel: jbd/jbd2: invalid value of
first log block leads to oops, which is in a second email.



-- 

-Kurt Seifried / Red Hat Security Response Team
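
Added illustration, not part of this thread and not the upstream kernel patch: a user-space C decoder for the bitmap described in the quoted report, which keeps the words the client understands, skips any extra words the server returns, and rejects a word count that runs past the reply. BITMAP_KEEP, the function names and the sample replies are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITMAP_KEEP 2  /* words this client understands (assumed for the example) */

/* Read one big-endian 32-bit XDR word; 0 on success, -1 if the buffer is short. */
static int xdr_get_u32(const uint8_t **p, const uint8_t *end, uint32_t *out)
{
    if ((size_t)(end - *p) < 4)
        return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    *p += 4;
    return 0;
}

/* Decode a bitmap4: a word count followed by that many words.
 * Returns the number of words on the wire, or -1 if the reply is too short. */
int decode_bitmap4(const uint8_t *buf, size_t len, uint32_t bitmap[BITMAP_KEEP])
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t count, word, i;

    memset(bitmap, 0, BITMAP_KEEP * sizeof(uint32_t));
    if (xdr_get_u32(&p, end, &count) < 0 || count > (size_t)(end - p) / 4)
        return -1;                 /* declared length must fit the reply */
    for (i = 0; i < count; i++) {
        if (xdr_get_u32(&p, end, &word) < 0)
            return -1;
        if (i < BITMAP_KEEP)
            bitmap[i] = word;      /* extra words are consumed and dropped */
    }
    return (int)count;
}

/* Constructed sample replies, not captured traffic. FATTR4_ACL is bit 12 of word 0. */
static const uint8_t reply_three_words[] = {0,0,0,3, 0,0,0x10,0, 0,0,0,0, 0,0,0,1};
static const uint8_t reply_truncated[]   = {0,0,0,5, 0,0,0x10,0};

int main(void)
{
    uint32_t bm[BITMAP_KEEP];
    int n = decode_bitmap4(reply_three_words, sizeof reply_three_words, bm);
    printf("words on wire=%d word0=0x%08x\n", n, (unsigned)bm[0]);
    printf("truncated reply -> %d\n", decode_bitmap4(reply_truncated, sizeof reply_truncated, bm));
    return 0;
}
```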
