Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 74070 - Remote DoS in 2.6 nfsacl extension
Summary: Remote DoS in 2.6 nfsacl extension
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: [2.6 maintainerPatching]
Depends on:
Reported: 2004-12-11 00:47 UTC by Sune Kloppenborg Jeppesen
Modified: 2005-07-21 12:18 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Patch (74070.patch,525 bytes, patch)
2005-04-07 05:15 UTC, Tim Yamin (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2004-12-11 00:47:50 UTC
the sunrpc-multiple-programs patch, which is part of the nfsacl protocol
extension for 2.6 kernels, contains a bug that crashes the kernel nfs
deamon with a NULL pointer access when a client requests an unknown
program number. The incremental fix from Olaf Kirch (thanks) is as

Index: linux-2.6.5/net/sunrpc/svc.c
--- linux-2.6.5.orig/net/sunrpc/svc.c   2004-11-19 11:22:19.000000000 +0100
+++ linux-2.6.5/net/sunrpc/svc.c        2004-12-10 15:48:40.000000000 +0100
@@ -450,7 +450,7 @@ err_bad_auth:
        if (prog != 100227 || serv->sv_program->pg_prog != 100003)
-               printk("svc: unknown program %d (me %d)\n", prog, progp->pg_prog);
+               printk("svc: unknown program %d (me %d)\n", prog, serv->sv_program->pg_prog);
        /* else it is just a Solaris client seeing if ACLs are supported */

The version found at includes
this fix. I will announce this on next week.

The 2.4 kernel patches are not affected.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-01-13 04:21:37 UTC
Now public
Comment 2 Adam Mondl (RETIRED) gentoo-dev 2005-01-14 01:10:25 UTC
Fixed in ~x86 hardened-dev-sources-2.6.10-r2
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2005-01-19 03:43:46 UTC
gentoo-dev-sources is done
the patch is here:

Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 03:16:44 UTC
Mass-Ccing to make sure Kernel Security guys know about all
of these...
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2005-04-07 05:15:48 UTC
Created attachment 55551 [details, diff]
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2005-04-07 05:17:19 UTC
Following sources still need patching:

hppa-sources: Adding GMSoft...
mips-sources: Adding Kumba...
pegasos-sources: Adding dholm...
rsbac-sources: Adding kang...
Comment 7 Guillaume Destuynder (RETIRED) gentoo-dev 2005-04-08 02:37:55 UTC
rsbac-sources fixed in rsbac-sources-2.6.11-r2
Comment 8 Joshua Kinard gentoo-dev 2005-04-23 22:21:57 UTC
mips-sources fixed.
Comment 9 Daniel Drake (RETIRED) gentoo-dev 2005-06-22 06:53:49 UTC
This patch can be dropped. It only applies to the multiple programs (Support
multiple program numbers on one RPC transport) functionality provided by the
nfsacl extention patches not yet merged upstream. Normal sunrpc users are not
Comment 10 Tim Yamin (RETIRED) gentoo-dev 2005-07-21 12:18:20 UTC
Closing bug as per comment #9.