Date: Tue, 21 Apr 2015 21:58:17 -0400
From: Kash Pande <kash@...pleback.net>
To: oss-security@...ts.openwall.com
Subject: CVE Request for ZFS on Linux

MITRE:

https://github.com/zfsonlinux/zfs/issues/3319

This was "discovered" yesterday.

As outlined here, there is a security issue in the Debian packages for
zfsonlinux which will export NFS shares to * when you only intend for
192.168.0.0/24.

Some notes:
-> Debian packages for zfsonlinux were using extra patches for NFS,
iSCSI and other shares not present in upstream zfsonlinux
-> These patches were included by the maintainer of the Debian packages
against upstream's wishes

NFS users who are exporting host-specific shares from
CentOS/FreeBSD/illumos who switch to Debian will certainly be surprised
to find their NFS shares are wide open.

Can we have a CVE for tracking this, as it's a unique issue which has
apparently been in the Debian packages for some time now.

No other zfsonlinux distribution suffers these issues.

-- 

Kash Pande
Jentu Technologies, Inc.
http://jentu-networks.com
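
Added example (not part of the original message, and not code from zfsonlinux or the Debian packages): a shell check that reads `exportfs -v` output and lists every NFS export whose client is not the intended network. The sample output, dataset paths and function names are constructed for illustration; 192.168.0.0/24 is the network named in the message.

```shell
#!/bin/sh
# Audit `exportfs -v` output: report exports whose client differs from the
# intended one. exportfs shows a wildcard ("*") client as "<world>".

# Constructed sample of `exportfs -v` output (not taken from the issue).
# exportfs prints long paths on their own line, client on the next line.
sample_exports() {
cat <<'EOF'
/tank/home      192.168.0.0/24(rw,wdelay,root_squash,no_subtree_check,sec=sys)
/tank/projects/archive
                <world>(rw,wdelay,root_squash,no_subtree_check,sec=sys)
/tank/scratch   <world>(rw,wdelay,no_root_squash,no_subtree_check,sec=sys)
EOF
}

# Usage: exportfs -v | audit_exports 192.168.0.0/24
# Prints "path client" for each export to a client other than $1.
audit_exports() {
    awk -v want="$1" '
        # A line starting with "/" begins a new export entry.
        /^\// { path = $1; spec = $2 }
        # An indented continuation line carries only the client spec.
        /^[ \t]/ { spec = $1 }
        spec != "" {
            client = spec
            sub(/\(.*/, "", client)   # drop the "(options)" suffix
            if (client != want) print path, client
            spec = ""
        }
    '
}

sample_exports | audit_exports 192.168.0.0/24
```

On a live host, pipe the real `exportfs -v` output into `audit_exports` with the network you meant to export to; any line it prints is an export reaching clients you did not intend.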
