Message-ID: <4BA96DAA.3070307@redhat.com>
Date: Wed, 24 Mar 2010 09:40:58 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests 6x kernel vulns still pending

>> 3) kernel: NFS DoS related to "automount" symlinks
>
> What exactly is the DoS that happens here?

NULL pointer dereference.

>> 5) kernel: NFS: Fix an Oops when truncating a file
>
> I assume that nfs_wait_on_request() can be influenced by a non-root user
> to generate the interrupt that triggers the Oops?

If the non-root user kills the task while truncating the file, this 
could lead to the existence of unmapped pages that still have an 
attached nfs_page structure in page->private. nfs_wb_page_cancel() waits 
for I/O to complete, and when it completes, it will find itself with an 
unmapped page and oops.

> All of these will be filled in sometime Wednesday.
>
> - Steve

Thanks!

Eugene
-- 
Eugene Teo / Red Hat Security Response Team
