Red Hat Bugzilla – Bug 200762
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Last modified: 2007-11-30 17:07:10 EST
Reported by James McKenzie on LKML:
The bug #199172 describes the possibility to corrupt a ext2/ext3 filesystem
which is exported over NFS via bad packets.
In the case of RHEL4 the filesystem will be remounted read-only and marked as
dirty. In case of RHEL3 only an error messages occurs and it continues. However
it still seems possible to corrupt the filesystem.
Hi, Marcel. Could you please downgrade the security impact of this BZ
against RHEL3 to "low", since nothing more serious than a console message
occurs? (This is further mitigated by the fact that unprivileged users
cannot recreate the problem at will.)
Downgraded the security impact to moderate. With the default mount options for
ext2 and ext3 this issue only results in showing additional console messages. If
the exported filesystem has been mounted with the options to remount read-only
or panic than this poses a security threat.
Closing this bug now as NOTABUG, because of the compatibility concerns and due
to the fact that the default settings are safe. A user has to explicitly specify
the remount read-only option to make the system vulnerable.