Gentoo Bug 141503 - Kernel: DoS when using both NFS and EXT3 (CVE-2006-3468)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	141503
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 141503 depends on:			Show dependency tree Show dependency graph
Bug 141503 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-07-23 09:02 0000

Not sure when this is fixed. Filing this to be safe.

Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to
cause a denial of service (file system panic) via a crafted UDP packet with a
V2 lookup procedure that specifies a bad file handle (inode number), which
triggers an error and causes an exported directory to be remounted read-only.

------- Comment #1 From Tim Yamin (RETIRED) 2006-08-07 14:47:04 0000 -------

Patch for ext3:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=2ccb48ebb4de139eef4fcefd5f2bb823cb0d81b9;hp=f712c0c7e1796f92e45e4de144e247816d974b8f

Another useful patch for ext3:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=0e31f51d8177320d61ec5786ca4aafa7b7a749b4;hp=51d8c5edd3b166fcc51aba84d78761d578400a7c

Patch for ext2, unconfirmed and may cause harm to cute innocent bunnies, wear
eye protection:

http://lkml.org/lkml/2006/7/24/263

------- Comment #2 From Harlan Lieberman-Berg (RETIRED) 2006-09-02 19:41:07 0000 -------

Maintainers, please add two ext3 patches above, or bump to 2.6.17.11.

rsbac-sources-2.6:  kang
sh-sources-2.6: sh herd
usermode-sources-2.6:  dang
xbox-sources-2.6:  chrb, gimli
xen-sources-2.6: xen herd

------- Comment #3 From Daniel Gryniewicz 2006-09-06 16:49:12 0000 -------

usermode-sources-2.6.16-r5 added.

------- Comment #4 From Andrew Ross (RETIRED) 2006-09-10 04:40:24 0000 -------

Patches added to xen-sources-2.6.16.28

------- Comment #5 From Guillaume Destuynder (RETIRED) 2006-11-09 06:42:52 0000 -------

rsbac-sources bumped to 2.6.18 in ~

------- Comment #6 From Harlan Lieberman-Berg (RETIRED) 2006-12-05 19:05:16 0000 -------

Xbox-sources and sh-sources are no longer covered by Gentoo Security. Closing.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 141503

Kernel: DoS when using both NFS and EXT3 (CVE-2006-3468)

Last modified: 2006-12-05 19:05:16 0000