Bug 234366 - DOS: Remote nfs server crash and fix
Summary: DOS: Remote nfs server crash and fix
Status: CLOSED DUPLICATE of bug 199172
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.4
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Peter Staubach
QA Contact: Martin Jenner
Depends On:
TreeView+ depends on / blocked
Reported: 2007-03-28 18:33 UTC by Steve Dickson
Modified: 2007-11-17 01:14 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-03-28 20:17:15 UTC
Target Upstream Version:

Attachments (Terms of Use)
Upstreamp patch (2.21 KB, patch)
2007-03-28 18:33 UTC, Steve Dickson
no flags Details | Diff

Description Steve Dickson 2007-03-28 18:33:03 UTC
Description of problem:
Date: Wed, 28 Mar 2007 09:53:31 -0500
From: Jim Rees <rees@umich.edu>
To: Steve Dickson <steved@redhat.com>

We have recently found a remote denial of service attack against Redhat nfs
servers running the 2.6.9-42 kernel.  The attack can be carried out by any
client with read access to the nfs server, and results in corruption to the
ext3 journal on the server.  The server usually requires a manual fsck to

I have attached a pcap trace of the attack, which uses a specially crafted
file handle.  Only a lookup and readdir operation are required.  The attack
is in frames 53-57 of the trace.

I have also attached a patch that prevents this attack.  This patch is in
the upstream kernel sources, but as far as I know has not been merged in to
the Redhat kernel source.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Steve Dickson 2007-03-28 18:33:03 UTC
Created attachment 151144 [details]
Upstreamp patch

Comment 2 RHEL Program Management 2007-03-28 18:47:08 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 3 Jason Baron 2007-03-28 20:17:15 UTC

*** This bug has been marked as a duplicate of 199172 ***

Note You need to log in before you can comment on or make changes to this bug.