[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: Linux kernel: nfs: information leakage
From:       P J P <ppandit () redhat ! com>
Date:       2014-02-20 18:51:16
Message-ID: alpine.LFD.2.10.1402210016170.2844 () wniryva ! cad ! erqung ! pbz
[Download RAW message or body]

+-- On Thu, 20 Feb 2014, cve-assign@mitre.org wrote --+
| This is definitely a problem that can have a CVE ID; use
| CVE-2014-2038.

  Thank you.
 
| is there also an opportunity for Client B to conduct a DoS attack
| against Client A (i.e., causing Client A's data to be completely lost)
| if the NFSv4 ACL on /mnt/file gives Client B APPEND_DATA access but
| not WRITE_DATA access?

  Ummn, I wonder if with only APPEND_DATA client would be able to 
delete/over-write file data. It needs to be verified.
 
| Our understanding is that you mean the "extra" bytes printed by the
| cat command, i.e.,
| 
|    0 \357 \277 \275 D 0 \357 \277 \275
| 
| are the leaked kernel memory bytes.

  Yes, that's correct.

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]