[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: kernel: NLM: Don't hang forever on
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-06-23 19:51:18
Message-ID: 1972953755.897157.1308858678769.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> NLM: Don't hang forever on NLM unlock requests
>
> If the NLM daemon is killed on the NFS server, we can currently end up
> hanging forever on an 'unlock' request, instead of aborting. Basically,
> if the rpcbind request fails, or the server keeps returning garbage, we
> really want to quit instead of retrying.
>
> Tested-by: Vasily Averin <vvs@sw.ru>
> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
> Cc: stable@kernel.org
>
> In English, it means that a local, unprivileged user could use the flock
> system call on a NFS share to cause a denial of service.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=709393
> http://git.kernel.org/linus/0b760113a3a155269a3fba93a409c640031dd68f
>
Please use CVE-2011-2491.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic