Bug 200762 - CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Summary: CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Eric Sandeen
QA Contact: Brian Brock
Whiteboard: impact=moderate,source=lkml,reported=...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2006-07-31 15:10 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-20 20:53:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Marcel Holtmann 2006-07-31 15:10:46 UTC
Reported by James McKenzie on LKML:


The bug #199172 describes the possibility to corrupt a ext2/ext3 filesystem
which is exported over NFS via bad packets.

In the case of RHEL4 the filesystem will be remounted read-only and marked as
dirty. In case of RHEL3 only an error messages occurs and it continues. However
it still seems possible to corrupt the filesystem.

Comment 5 Ernie Petrides 2006-09-08 23:43:38 UTC
Hi, Marcel.  Could you please downgrade the security impact of this BZ
against RHEL3 to "low", since nothing more serious than a console message
occurs?  (This is further mitigated by the fact that unprivileged users
cannot recreate the problem at will.)

Comment 6 Marcel Holtmann 2006-09-09 06:02:24 UTC
Downgraded the security impact to moderate. With the default mount options for
ext2 and ext3 this issue only results in showing additional console messages. If
the exported filesystem has been mounted with the options to remount read-only
or panic than this poses a security threat.

Comment 9 Marcel Holtmann 2007-03-20 20:53:13 UTC
Closing this bug now as NOTABUG, because of the compatibility concerns and due
to the fact that the default settings are safe. A user has to explicitly specify
the remount read-only option to make the system vulnerable.

Note You need to log in before you can comment on or make changes to this bug.