Bug 678144 (CVE-2011-0714)

Summary: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: arozansk, bressers, davej, dhoward, fhrbata, jkacur, jpirko, kernel-mgr, kmcmartin, lgoncalv, lwang, security-response-team, tcallawa, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-28 08:44:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 678094, 678146, 678182    
Bug Blocks:    

Description Petr Matousek 2011-02-16 21:30:37 UTC 
Description of problem:
It was found that lockd did not properly handle data packets that contained invalid data. This could be possibly exploited by unprivileged remote user to crash the server (DoS).

Acknowledgements:

Red Hat would like to thank Adam Prince for reporting this issue.
Comment 12 Josh Bressers 2011-03-08 18:10:51 UTC 
This issue only affects Red Hat Enterprise Linux 6. We did not properly backport upstream commit b48fa6b9. So we needed additional patch that fixes the improper backport.
Comment 13 Petr Matousek 2011-03-08 19:34:59 UTC 
Statement:

This issue only affects Red Hat Enterprise Linux 6 as we did not properly backport upstream commit b48fa6b9. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected.
Comment 14 errata-xmlrpc 2011-03-08 19:44:34 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0329 https://rhn.redhat.com/errata/RHSA-2011-0329.html