[Lucid, Maverick, Natty] SRU: Fix panic after nfs_umount

Stefan Bader stefan.bader at canonical.com
Wed Dec 15 10:33:13 UTC 2010


On 12/15/2010 05:47 AM, Ben Hutchings wrote:
> On Mon, 2010-12-13 at 10:02 +0100, Stefan Bader wrote:
>> On 12/12/2010 04:15 AM, Ben Hutchings wrote:
>>> On Thu, 2010-12-09 at 16:58 +0100, Stefan Bader wrote:
>>>> SRU justification:
>>>>
>>>> Impact: When trying to mount an export where server and client have no common
>>>> authentication method, the client will abort the mount by sending an advisory
>>>> unmount message to the server. A bug in the RPC client setup causes the sunrpc
>>>> code to access memory outside an allocated array, which will sooner or later
>>>> cause the kernel to crash.
>>> [...]
>>>
>>> Do you have a CVE reference for this?
>>>
>>> Ben.
>>>
>> Hi Ben,
>>
>> no it was done as a normal bug afaik. Should we have one?
> 
> If I understand correctly, it allows a rogue server to make a client
> crash by refusing all its authentication methods.  Obviously this can
> also happen without malicious intent, but I don't think that matters.
> 
> Ben.
> 

Well, it would also require a rogue user (or admin) doing the mount (sometimes
multiple times, sometimes sooner) or to have automount set up to such a server.
Both feel like they need substantial support from the local side. IIRC someone
from the security team had a look at it and wasn't scared too much. So I was not
either.

Stefan



