Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Feb 2014 15:04:11 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request: Linux kernel: nfs: information leakage

    Hello,

Linux kernel build with the NFS file system(CONFIG_NFS_FS) along with the 
support for NFSv4 protocol(CONFIG_NFS_V4) is vulnerable to an information 
leakage flaw. It could occur while writing to a file wherein NFS server has 
offered write delegation to the client. Such delegation allows NFS client to 
perform the said operation locally without instant interaction with the 
server.

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
   -> https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1067341


Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ