Bug 234366 - DOS: Remote nfs server crash and fix
Status: CLOSED DUPLICATE of bug 199172
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Peter Staubach
QA Contact: Martin Jenner
Keywords: Security
Reported: 2007-03-28 14:33 EDT by Steve Dickson
Modified: 2007-11-16 20:14 EST (History)

Doc Type: Bug Fix
Last Closed: 2007-03-28 16:17:15 EDT
Attachment: Upstream patch (2.21 KB, patch)
2007-03-28 14:33 EDT, Steve Dickson
Description Steve Dickson 2007-03-28 14:33:03 EDT
Description of problem:
Date: Wed, 28 Mar 2007 09:53:31 -0500
From: Jim Rees <rees@umich.edu>
To: Steve Dickson <steved@redhat.com>

We have recently found a remote denial of service attack against Red Hat NFS
servers running the 2.6.9-42 kernel.  The attack can be carried out by any
client with read access to the NFS server, and results in corruption to the
ext3 journal on the server.  The server usually requires a manual fsck to
recover.

I have attached a pcap trace of the attack, which uses a specially crafted
file handle.  Only a lookup and readdir operation are required.  The attack
is in frames 53-57 of the trace.

I have also attached a patch that prevents this attack.  This patch is in
the upstream kernel sources, but as far as I know has not been merged into
the Red Hat kernel source.




Comment 1 Steve Dickson 2007-03-28 14:33:03 EDT
Created attachment 151144 [details]
Upstream patch
Comment 2 RHEL Product and Program Management 2007-03-28 14:47:08 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 3 Jason Baron 2007-03-28 16:17:15 EDT

*** This bug has been marked as a duplicate of 199172 ***
