Date: Mon, 6 Feb 2012 13:22:01 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS On Thu, Nov 24, 2011 at 09:40:42AM +0800, Eugene Teo wrote: > This only affects the Linux kernel as shipped with Red Hat Enterprise > Linux 5. It is possible to trigger the BUG() in fs/nfs/nfs4xdr.c on a > NFSv4 mount. This patch fixed the problem, although we only backported > the relevant parts of the patch, > http://git.kernel.org/linus/dc0b027dfadfcb8a5504f7d8052754bf8d501ab9. > > https://bugzilla.redhat.com/CVE-2011-4324 Assuming that the fix for this one is correct and sufficient (and it appears to be), this is definitely no worse than a DoS. :-) - BUG(); + WRITE32(0); Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.