Bugtraq mailing list archives
Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028)
From: Paul Starzetz <paul () starzetz de>
Date: Thu, 02 Sep 2004 14:02:14 +0200
Thomas Biege wrote:
> Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6. These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater than 2^31. The result will be a kernel Oops, it is unknown if this bug is otherwise exploitable yet. Kernel 2.4 nfsd code is different but may suffer from the same vulnerability.

The iSEC people have read the nfsd code from 2.4 and it seems to be vulnerable too, however only authenticated clients could reach the problematic places at all. Having a writeable NFS share is probably a bad idea anyway...
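
The signedness bug class the advisory describes (a request size greater than 2^31 passing a length check), as an added C illustration that is not part of the original message and is not the kernel's kNFSd or XDR code. The function names, MAX_WRITE and the sample byte strings are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_WRITE 8192 /* constructed per-request limit for this example */

/* Constructed sample requests: a 4-byte XDR length word, then payload. */
static const unsigned char huge_req[4] = {0x80, 0x00, 0x00, 0x01}; /* 2^31 + 1 */
static const unsigned char ok_req[20]  = {0x00, 0x00, 0x00, 0x10}; /* 16, then 16 data bytes */

/* XDR integers are 32-bit big-endian words. */
static uint32_t xdr_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: the wire length is stored in a signed int. On the usual
 * two's-complement targets a value of 2^31 or more becomes negative, so the
 * upper-bound check passes. Returns 1 if accepted, 0 if rejected. */
int accepts_signed(const unsigned char *wire)
{
    int len = (int)xdr_u32(wire);
    return len <= MAX_WRITE; /* no check for len < 0 */
}

/* Hardened pattern: keep the length unsigned and bound it by the protocol
 * limit and by the bytes actually left in the request buffer. */
int accepts_unsigned(const unsigned char *wire, size_t remaining)
{
    uint32_t len;
    if (remaining < 4)
        return 0;
    len = xdr_u32(wire);
    if (len > (uint32_t)MAX_WRITE || len > remaining - 4)
        return 0;
    return 1;
}

int main(void)
{
    printf("huge: signed=%d unsigned=%d\n", accepts_signed(huge_req),
           accepts_unsigned(huge_req, sizeof huge_req));
    printf("ok:   signed=%d unsigned=%d\n", accepts_signed(ok_req),
           accepts_unsigned(ok_req, sizeof ok_req));
    return 0;
}
```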