[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028)

To: Thomas Biege <thomas@xxxxxxx>
Subject: Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028)
From: Paul Starzetz <paul@xxxxxxxxxxx>
Date: Thu, 02 Sep 2004 14:02:14 +0200

Thomas Biege wrote:

Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6. These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31. The result will be a kernel Oops, it is unknown if this bug is otherwise exploitable yet. Kernel 2.4 nfsd code is different but may suffer from the same vulnerability.

The iSEC people have read the nfsd code from 2.4 and it seems to be vulnerable too, however only authenticated clients could reach the problematic places at all. Having a writeable NFS share is probably a bad idea anyway...

References:
- SUSE Security Announcement: kernel (SUSE-SA:2004:028)
  - From: Thomas Biege

Prev by Date: [ GLSA 200409-01 ] vpopmail: Multiple vulnerabilities
Next by Date: Password Protect XSS and SQL-Injection vulnerabilities.
Previous by thread: SUSE Security Announcement: kernel (SUSE-SA:2004:028)
Next by thread: New security tools and papers released
Index(es):
- Date
- Thread