Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 530269 - (CVE-2009-3623) CVE-2009-3623 kernel: nfsd4: fix null dereference creating nfsv4 callback client
CVE-2009-3623 kernel: nfsd4: fix null dereference creating nfsv4 callback client
Status: CLOSED UPSTREAM
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,reported=20091022,pu...
: Security
Depends On: 531663
Blocks:
  Show dependency treegraph
 
Reported: 2009-10-22 00:51 EDT by Eugene Teo (Security Response)
Modified: 2012-07-16 13:22 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-21 14:21:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Eugene Teo (Security Response) 2009-10-22 00:51:23 EDT 
Quoting from upstream patch:
On setting up the callback to the client, we attempt to use the same authentication flavor the client did.  We find an rpc cred to use by calling rpcauth_lookup_credcache(), which assumes that the given authentication flavor has a credentials cache.  However, this is not required to be true--in particular, auth_null does not use one. Instead, we should call the auth's lookup_cred() method.

Without this, a client attempting to mount using nfsv4 and auth_null triggers a null dereference.

The code was introduced in upstream commit 3cef9ab2 (v2.6.31-rc1), fixed in 886e3b7f (v2.6.32-rc1), and was later replaced by 80fc015b.
Comment 1 Chuck Ebbert 2009-10-22 16:12:54 EDT 
Commit 886e3b7f is also in 2.6.31.2 (nfsd4-fix-null-dereference-creating-nfsv4-callback-client.patch), so no fix needed for Fedora 12.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.