Bug 675858

Summary: NFS kernel panic with port port or security scan on nfs mounts
Product: Red Hat Enterprise Linux 6 Reporter: John Ferreira <ferreira>
Component: kernelAssignee: nfs-maint
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.3CC: eteo, jlayton, rwheeler, sprabhu, steved, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-11 13:20:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description John Ferreira 2011-02-07 23:41:13 UTC 
Description of problem:
Security scans using nmap or retina causes a kernel crash when a nfs mount is mounted.  Not a problem with no mounts.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Workstation release 6.0 (Santiago)
Kernel 2.6.32-71.14.1.el6.x86_64 

How reproducible:
nmap -sV -O -p 1-65535 [ hostname ] 
or
Retina scan.

Steps to Reproduce:
1.nmap -sV -O -p 1-65535 [ hostname ]  
2. Retina security scanner
3.
  
Actual results:
Kernel panic

Expected results:
List of open ports.

Additional info:
nfs3 or nfs4 kernel panics
Comment 2 Steve Dickson 2011-02-17 16:19:51 UTC 
Please post the panic info...
Comment 5 Sachin Prabhu 2011-03-18 12:33:07 UTC 
Could you please test this particular issue using the kernel from 
http://rhn.redhat.com/errata/RHSA-2011-0329.html

This fixes an error handling code which resulted in a similar crash.
--
* A use-after-free flaw was found in the Linux kernel's RPC server sockets
implementation. A remote attacker could use this flaw to trigger a denial
of service by sending a corrupted packet to a target system.
(CVE-2011-0714, Important)
--
Comment 6 RHEL Program Management 2011-04-04 02:08:04 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 7 Steve Dickson 2011-08-16 18:03:19 UTC 
No response to the inquiry... Changing the component to kernel and moving
out to 6.3
Comment 8 RHEL Program Management 2011-10-07 15:22:26 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 9 Sachin Prabhu 2012-01-11 13:25:18 UTC 
This is probably the same issue described in 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0714