'Re: [oss-security] CVE request: kernel: NLM: Don't hang forever on'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: NLM: Don't hang forever on
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-06-23 19:51:18
Message-ID: 1972953755.897157.1308858678769.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]



----- Original Message -----
> NLM: Don't hang forever on NLM unlock requests
> 
> If the NLM daemon is killed on the NFS server, we can currently end up
> hanging forever on an 'unlock' request, instead of aborting.  Basically,
> if the rpcbind request fails, or the server keeps returning garbage, we
> really want to quit instead of retrying.
> 
> Tested-by: Vasily Averin <vvs@sw.ru>
> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
> Cc: stable@kernel.org
> 
> In English, it means that a local, unprivileged user could use the flock
> system call on a NFS share to cause a denial of service.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=709393
> http://git.kernel.org/linus/0b760113a3a155269a3fba93a409c640031dd68f
> 

Please use CVE-2011-2491.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic