Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Feb 2012 13:22:01 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS

On Thu, Nov 24, 2011 at 09:40:42AM +0800, Eugene Teo wrote:
> This only affects the Linux kernel as shipped with Red Hat Enterprise
> Linux 5. It is possible to trigger the BUG() in fs/nfs/nfs4xdr.c on a
> NFSv4 mount. This patch fixed the problem, although we only backported
> the relevant parts of the patch,
> http://git.kernel.org/linus/dc0b027dfadfcb8a5504f7d8052754bf8d501ab9.
> 
> https://bugzilla.redhat.com/CVE-2011-4324

Assuming that the fix for this one is correct and sufficient (and it
appears to be), this is definitely no worse than a DoS. :-)

-			BUG();
+			WRITE32(0);

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.