List: oss-security
Subject: Re: [oss-security] Re: CVE request: Linux kernel: nfs: information leakage
From: P J P <ppandit () redhat ! com>
Date: 2014-02-20 18:51:16
Message-ID: alpine.LFD.2.10.1402210016170.2844 () wniryva ! cad ! erqung ! pbz
+-- On Thu, 20 Feb 2014, cve-assign@mitre.org wrote --+
| This is definitely a problem that can have a CVE ID; use
| CVE-2014-2038.
Thank you.
| is there also an opportunity for Client B to conduct a DoS attack
| against Client A (i.e., causing Client A's data to be completely lost)
| if the NFSv4 ACL on /mnt/file gives Client B APPEND_DATA access but
| not WRITE_DATA access?
Ummn, I wonder if, with only APPEND_DATA, a client would be able to
delete/overwrite file data. It needs to be verified.
| Our understanding is that you mean the "extra" bytes printed by the
| cat command, i.e.,
|
| 0 \357 \277 \275 D 0 \357 \277 \275
|
| are the leaked kernel memory bytes.
Yes, that's correct.
Thank you.
--
Prasad J Pandit / Red Hat Security Response Team