Bug 200762
| Summary: | CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Marcel Holtmann <holtmann> |
| Component: | kernel | Assignee: | Eric Sandeen <esandeen> |
| Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | CC: | lwang, petrides, security-response-team, staubach, steved |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=moderate,source=lkml,reported=20060717,public=20060717 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-03-20 20:53:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Marcel Holtmann
2006-07-31 15:10:46 UTC
Hi, Marcel. Could you please downgrade the security impact of this BZ against RHEL3 to "low", since nothing more serious than a console message occurs? (This is further mitigated by the fact that unprivileged users cannot recreate the problem at will.) Downgraded the security impact to moderate. With the default mount options for ext2 and ext3 this issue only results in showing additional console messages. If the exported filesystem has been mounted with the options to remount read-only or panic than this poses a security threat. Closing this bug now as NOTABUG, because of the compatibility concerns and due to the fact that the default settings are safe. A user has to explicitly specify the remount read-only option to make the system vulnerable. |