237479 – (CVE-2008-3915) Linux <2.6.26.4 nfsd: fix buffer overrun decoding NFSv4 acl (CVE-2008-3915)

Bug 237479 (CVE-2008-3915) - Linux <2.6.26.4 nfsd: fix buffer overrun decoding NFSv4 acl (CVE-2008-3915)

Summary: Linux <2.6.26.4 nfsd: fix buffer overrun decoding NFSv4 acl (CVE-2008-3915)

Status:	RESOLVED FIXED

Alias:	CVE-2008-3915

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.25.17] [linux >=2.6.26 <2...
Keywords:

Duplicates (1):	237432 (view as bug list)
Depends on:
Blocks:

Reported:	2008-09-12 13:53 UTC by Robert Buchholz (RETIRED)
Modified:	2013-09-05 03:48 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-09-12 13:53:50 UTC

CVE-2008-3915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3915):
  Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when
  NFSv4 is enabled, allows remote attackers to have an unknown impact
  via vectors related to decoding an NFSv4 acl.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-09-19 15:36:26 UTC

*** Bug 237432 has been marked as a duplicate of this bug. ***

Comment 2 kfm 2009-07-20 23:47:13 UTC

Corrected Status Whiteboard. hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.25-11 included 2.6.25.17. genpatches-2.6.26-3 included
2.6.26.4.