Bug 524520 (CVE-2009-3286)
| Summary: | CVE-2009-3286 kernel: O_EXCL creates on NFSv4 are broken | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | high | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | unspecified | CC: | aca21, adam, ajb2, amtaylor, arozansk, Bert.Deknuydt, bfields, bloch, blocke, bmr, cebbert, davej, dhoward, dijuremo, eparis, flakrat, herrold, igeorgex, james.brown, james.l.perrin, jburke, jlayton, joshua.bakerlepain, jpirko, jwest, kaneva, kmcmartin, lampe, luc_daels, lwang, mmcgrath, pasteur, prgarcial, rik.theys, rjm002, robh, rudd-o, rwheeler, spanjikk, steved, tao, waananen | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2010-12-21 17:03:48 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 522163, 524521, 537293, 621428 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Eugene Teo (Security Response)
2009-09-21 03:02:27 UTC
Created attachment 361856 [details]
Proposed patch
can we get a testing src.rpm? is the attached patch the final patch? thanks Every release of RHEL 5 seesm to include a new serious NFS kernel bug and very few NFS bugs are fixed between releases. Would I be right to assume that no one who pays for RHEL uses NFS seriously, or perhaps that no one who uses NFS seriously buys RHEL ? The response to my paid support ticket said that the fix was planned for release the first week of November. I'm not entirely sure why it has to be another month from now before we see a fix for this. Any other paid support tickets see movement, similar or otherwise? After getting the notification about the patch having to wait until november, we have requested a "hotfix". However, we have not heard back in almost a week. Even with paid support this is getting ridiculous, such a critical issue not being addressed faster even when the appropriate fix is already known... 23-SEP-2009 16:17:50 **RH Support** I've requested the hotfix for you and will try to find out an ETA on when it could be fulfilled. Regards, **RH Support** 23-SEP-2009 15:09:57 **Our Support Requestor** I would like to request a hotfix. This issue is breaking our nfs servers, and another 7 weeks seems an awfully long time to wait for a critical patch. When can I tell my users to expect the hotfix kernel? I've gotten the exact same response - first week of November. Its been updated every 4 days, so I guess I'm due for an update today. :) Seriously though - a workaround/hotfix or kernel needs to be released sooner than that. Jeff, I would like to get a patch ASUP. And also I would like to add my voice for hotfix. Arkady Hotfixes are generally handled by our support organization. If you need a hotfix in the interim before this is released, then please file a support ticket and request one. So is it common for Red Hat to sit on a completely broken protocol with nasty security issues for three months? November? Seriously? I'm actually a little shocked by this one, since other fixes involving regression issues have been patched much sooner. RH also just released another kernel the other day for a KVM issue, so it's not like they appear to be holding off for consolidation here. Folks in this bug are actively vocal and generally appear to be paying customers given the quantity of support ticket numbers listed, so what's going on? Could someone from RH explain what the delay is about? If there's a legitimate explanation then it should clear up some of the hostility floating around in this bug. I'm not asking for a complete disclosure of practices, but a small peak behind the curtain would certainly go a long way to ease some of the tension here. As Jeff said in https://bugzilla.redhat.com/show_bug.cgi?id=524520#c10, please open a specific ticket with Red Hat support if you want/need a hotfix before we do another minor release. I have. Mine is the original paid support ticket listed in the post at the top. (original comment #22) via paid support I was told November. I asked there why it was taking so long and was offered the hotfix early. That's great, but doesn't help other folks. I'm simply asking here why it's taking so long. Would you like me to open a separate paid support ticket to ask why it taking 3 months and lots of pushing to get this fixed? All I'm asking for is an explanation for the delay. I don't think that's asking for anything overly unreasonable. As I said before, if there's a good reason it should allay the hostility that appears to be in this BZ entry. We have also requested a hot fix via paid support and have not heard anything since Sep 23 as shown in our previous posting: 23-SEP-2009 16:17:50 **RH Support** I've requested the hotfix for you and will try to find out an ETA on when it could be fulfilled. Regards, **RH Support** many of us already open a ticket. and we just waiting. in most other case rh can release a kernel update in a much faster way, but as most of us don't understand how can it happened that such a basic service bug not fixed for months? The following hotfix packages have been made available to us via our support ticket: kernel-2.6.18-164.3.1.el5.x86_64.rpm kernel-2.6.18-164.3.1.el5.i686.rpm If you have a support contract I assume you can get those as well until everyone gets the patched kernel in the first week of November. Via paid support, the word I got on the delay was that they were going to release a roll-up kernel to fix this and several other issues, and that they try to do this monthly. This bug missed the cycle for the last monthly update. This to me is a workable explanation that is a middle ground between inundating folks with new kernels and not releasing updates at all. Given that the hotfix is available for those who request it, I'm satisfied with this explanation. No idea why this couldn't have been explained here in the BZ though. *** Bug 523797 has been marked as a duplicate of this bug. *** (In reply to comment #20) > Via paid support, the word I got on the delay was that they were going to > release a roll-up kernel to fix this and several other issues, and that they > try to do this monthly. This bug missed the cycle for the last monthly update. > > > This to me is a workable explanation that is a middle ground between inundating > folks with new kernels and not releasing updates at all. Given that the hotfix > is available for those who request it, I'm satisfied with this explanation. > > No idea why this couldn't have been explained here in the BZ though. Jim, this bug was reported to us during the QE phase in the last kernel update, so we can only fix it in the next update. I could have explained this in the bug in response to c#5, but I was already on vacation then. Sorry about it. As mentioned in c#19, hotfixes are available, kindly contact Red Hat Support for them. Thanks. can we know the the hotfix mentioned in #13 and the coming kernel update in november will contain the same patch as attached in #2? thanks. (In reply to comment #24) > can we know the the hotfix mentioned in #13 and the coming kernel update in > november will contain the same patch as attached in #2? > thanks. Yes, of course. I'd like to add that I experienced the metadata issues on my 5.4 NFSv4 server (5.4 clients as well). In addition I also got a lot of reports from users where applications couldn't establish a file lock (/home is NFSv4 mounted): $ ssh -X wkstation01 /usr/bin/xauth: error in locking authority file /home/mhanby/.Xauthority As suggested above, booting to kernel 2.6.18-128.7.1 appears to have resolved the issue. I haven't tried the patched kernel yet. Just figured I'd add the locking issue in case someone searches for it since I did a good bit of searching before an IRC user directed me to this bug. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1548 https://rhn.redhat.com/errata/RHSA-2009-1548.html This problem happens in Fedora 13, kernel 2.6.33.6-147.2.4.fc13.x86_64 and earlier kernels, if the exported file system is a FUSE file system (REGARDLESS of the kernel in the exporter server) in NFS versions 2 and 3. Details here: http://groups.google.com/group/zfs-fuse/tree/browse_frm/thread/767dec5dd628d839/45d14c213613741f?rnum=11&q=nfs+problems&_done=%2Fgroup%2Fzfs-fuse%2Fbrowse_frm%2Fthread%2F767dec5dd628d839%2F45d14c213613741f%3Flnk%3Dgst%26q%3Dnfs%2Bproblems%26#doc_230660389d18e348 Sorry, my last comment should be NFS4. NFS3 and NFS2 only produce a metric ton of ESTALE errors in the client. (In reply to comment #33) > This problem happens in Fedora 13, kernel 2.6.33.6-147.2.4.fc13.x86_64 and > earlier kernels, if the exported file system is a FUSE file system (REGARDLESS > of the kernel in the exporter server) in NFS versions 2 and 3. > > Details here: > > http://groups.google.com/group/zfs-fuse/tree/browse_frm/thread/767dec5dd628d839/45d14c213613741f?rnum=11&q=nfs+problems&_done=%2Fgroup%2Fzfs-fuse%2Fbrowse_frm%2Fthread%2F767dec5dd628d839%2F45d14c213613741f%3Flnk%3Dgst%26q%3Dnfs%2Bproblems%26#doc_230660389d18e348 Rudd, please file a new bug for this. If you can provide the steps to reproduce the issue, even better. Thanks. This bug was due to a bug introduced in a backport to RHEL5. It should be a problem only in a small subset of RHEL5 kernels and was fixed quite some time ago. I suspect that any problems in Fedora are unrelated to this, even if the symptoms look the same. OK. |