Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Thu, 5 Nov 2009 12:23:39 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: NULL pointer dereference in
 nfs4_proc_lock()

Please use CVE-2009-3726

Thanks.

-- 
    JB

----- "Eugene Teo" <eugeneteo@...nel.sg> wrote:

> Quote from upstream commit:
> "We just had a case in which a buggy server occasionally returns the 
> wrong attributes during an OPEN call. While the client does catch this
> 
> sort of condition in nfs4_open_done(), and causes the
> nfs4_atomic_open() 
> to return -EISDIR, the logic in nfs_atomic_lookup() is broken, since
> it 
> causes a fallback to an ordinary lookup instead of just returning the
> error.
> 
> When the buggy server then returns a regular file for the fallback 
> lookup, the VFS allows the open, and bad things start to happen, since
> 
> the open file doesn't have any associated NFSv4 state.
> 
> The fix is firstly to return the EISDIR/ENOTDIR errors immediately,
> and 
> secondly to ensure that we are always careful when dereferencing the 
> nfs_open_context state pointer."
> 
> Upstream commit:
> http://git.kernel.org/linus/d953126a28f97e (v2.6.31-rc4)
> 
> Steps to reproduce the issue/backtraces:
> https://bugzilla.redhat.com/show_bug.cgi?id=529227#c0
> 
> References:
> http://www.spinics.net/linux/lists/linux-nfs/msg03357.html
> https://bugzilla.redhat.com/show_bug.cgi?id=529227
> 
> Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux Powered by OpenVZ Bookmark and Share