
Bug 237479 (CVE-2008-3915)

Summary: Linux <2.6.26.4 nfsd: fix buffer overrun decoding NFSv4 acl (CVE-2008-3915)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel, tomee
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f
Whiteboard: [linux <2.6.25.17] [linux >=2.6.26 <2.6.26.4]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-12 13:53:50 UTC
CVE-2008-3915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3915):
  Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when
  NFSv4 is enabled, allows remote attackers to have an unknown impact
  via vectors related to decoding an NFSv4 acl.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-19 15:36:26 UTC
*** Bug 237432 has been marked as a duplicate of this bug. ***
Comment 2 RumpletonBongworth 2009-07-20 23:47:13 UTC
Corrected Status Whiteboard. hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.25-11 included 2.6.25.17. genpatches-2.6.26-3 included
2.6.26.4.