Date: Tue, 21 Apr 2015 21:58:17 -0400
From: Kash Pande <kash@...pleback.net>
To: oss-security@...ts.openwall.com
Subject: CVE Request for ZFS on Linux

MITRE:

https://github.com/zfsonlinux/zfs/issues/3319

This was "discovered" yesterday. As outlined here, there is a security issue in the Debian packages for zfsonlinux which will export NFS shares to * when you only intend for 192.168.0.0/24.

Some notes:

-> Debian packages for zfsonlinux were using extra patches for NFS, iSCSI and other shares not present in upstream zfsonlinux
-> These patches were included by the maintainer of the Debian packages against upstream's wishes

NFS users who are exporting host-specific shares from CentOS/FreeBSD/illumos who switch to Debian will certainly be surprised to find their NFS shares are wide open.

Can we have a CVE for tracking this, as it's a unique issue which has apparently been in the Debian packages for some time now. No other zfsonlinux distribution suffers these issues.

--
Kash Pande
Jentu Technologies, Inc.
http://jentu-networks.com
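
For administrators checking whether a host shows the behaviour described in the message above, here is an added example (not part of the original post, nor code from zfsonlinux or the Debian packages) that audits `exportfs -v` style output against the networks each share was meant to reach. The sample output, the dataset paths and the `intended` mapping are constructed for illustration, and the two-line layout for long paths is assumed to match what `exportfs -v` prints.

```python
import ipaddress
import re

# Constructed sample of `exportfs -v` output (not taken from the original post).
# Long paths wrap: the client then appears on the following, indented line.
SAMPLE_EXPORTFS = """\
/tank/home    \t192.168.0.0/24(rw,wdelay,root_squash,no_subtree_check,sec=sys)
/tank/projects/archive
\t\t<world>(rw,wdelay,root_squash,no_subtree_check,sec=sys)
/tank/media   \t*(ro,wdelay,root_squash,no_subtree_check,sec=sys)
"""

WORLD = {"*", "<world>"}  # both spellings of "any host"
ENTRY = re.compile(r"^(?P<client>\S+?)\((?P<opts>[^)]*)\)$")


def parse_exports(text):
    """Yield (path, client) pairs from `exportfs -v` style text."""
    path = None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():  # a new export path starts in column 0
            path, fields = fields[0], fields[1:]
        for field in fields:
            m = ENTRY.match(field)
            if m and path:
                yield path, m.group("client")


def audit(text, intended):
    """Return (path, client, reason) for every export wider than intended.

    `intended` (hypothetical input) maps export path -> list of allowed CIDRs.
    """
    findings = []
    for path, client in parse_exports(text):
        allowed = [ipaddress.ip_network(n) for n in intended.get(path, [])]
        if client in WORLD:
            findings.append((path, client, "exported to every host"))
            continue
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            findings.append((path, client, "hostname or netgroup, review manually"))
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((path, client, "outside the intended networks"))
    return findings
```

On a live host, pass the captured output of `exportfs -v` as `text` and build `intended` from the access list each dataset was configured with.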