Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4E02E8E2.2040106@redhat.com>
Date: Thu, 23 Jun 2011 15:18:58 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: NLM: Don't hang forever on NLM unlock requests

NLM: Don't hang forever on NLM unlock requests

If the NLM daemon is killed on the NFS server, we can currently end up
hanging forever on an 'unlock' request, instead of aborting. Basically,
if the rpcbind request fails, or the server keeps returning garbage, we
really want to quit instead of retrying.

    Tested-by: Vasily Averin <vvs@...ru>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>
    Cc: stable@...nel.org

In English, it means that a local, unprivileged user could use the flock
system call on a NFS share to cause a denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=709393
http://git.kernel.org/linus/0b760113a3a155269a3fba93a409c640031dd68f

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.