Bug 200762 - CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Sandeen
Brian Brock
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-07-31 11:10 EDT by Marcel Holtmann
Modified: 2007-11-30 17:07 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-20 16:53:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marcel Holtmann 2006-07-31 11:10:46 EDT
Reported by James McKenzie on LKML:


The bug #199172 describes the possibility to corrupt a ext2/ext3 filesystem
which is exported over NFS via bad packets.

In the case of RHEL4 the filesystem will be remounted read-only and marked as
dirty. In case of RHEL3 only an error messages occurs and it continues. However
it still seems possible to corrupt the filesystem.
Comment 5 Ernie Petrides 2006-09-08 19:43:38 EDT
Hi, Marcel.  Could you please downgrade the security impact of this BZ
against RHEL3 to "low", since nothing more serious than a console message
occurs?  (This is further mitigated by the fact that unprivileged users
cannot recreate the problem at will.)
Comment 6 Marcel Holtmann 2006-09-09 02:02:24 EDT
Downgraded the security impact to moderate. With the default mount options for
ext2 and ext3 this issue only results in showing additional console messages. If
the exported filesystem has been mounted with the options to remount read-only
or panic than this poses a security threat.
Comment 9 Marcel Holtmann 2007-03-20 16:53:13 EDT
Closing this bug now as NOTABUG, because of the compatibility concerns and due
to the fact that the default settings are safe. A user has to explicitly specify
the remount read-only option to make the system vulnerable.

Note You need to log in before you can comment on or make changes to this bug.