Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 234366

Summary: DOS: Remote nfs server crash and fix
Product: Red Hat Enterprise Linux 4 Reporter: Steve Dickson <steved>
Component: kernelAssignee: Peter Staubach <staubach>
Status: CLOSED DUPLICATE QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: jbaron
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-28 20:17:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Upstreamp patch none

Description Steve Dickson 2007-03-28 18:33:03 UTC 
Description of problem:
Date: Wed, 28 Mar 2007 09:53:31 -0500
From: Jim Rees <rees>
To: Steve Dickson <steved>

We have recently found a remote denial of service attack against Redhat nfs
servers running the 2.6.9-42 kernel.  The attack can be carried out by any
client with read access to the nfs server, and results in corruption to the
ext3 journal on the server.  The server usually requires a manual fsck to
recover.

I have attached a pcap trace of the attack, which uses a specially crafted
file handle.  Only a lookup and readdir operation are required.  The attack
is in frames 53-57 of the trace.

I have also attached a patch that prevents this attack.  This patch is in
the upstream kernel sources, but as far as I know has not been merged in to
the Redhat kernel source.




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Steve Dickson 2007-03-28 18:33:03 UTC 
Created attachment 151144 [details]
Upstreamp patch
Comment 2 RHEL Program Management 2007-03-28 18:47:08 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 3 Jason Baron 2007-03-28 20:17:15 UTC 

*** This bug has been marked as a duplicate of 199172 ***