Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 06 Apr 2009 13:52:55 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: NFS: Fix an Oops in encode_lookup()

According to the upstream commit 54af3bb543, the NFS file name limit is
not being initialised correctly in the struct nfs_server. The problem
can be easily triggered by a local, unprivileged user. We need to make
sure that we limit whatever is being set in nfs_probe_fsinfo() and
nfs_init_server(). We also need to ensure that readdirplus and
nfs4_path_walk respect our file name limits.

http://git.kernel.org/linus/54af3bb543c071769141387a42deaaab5074da55
https://bugzilla.redhat.com/show_bug.cgi?id=494074

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.