Mi,
We were wondering if you could help us define the security impact (if
any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
does have a security impact, we can work with MITRE to get a CVE ID
assigned.
--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110327210937.GX10433@dannf.org
03-28-2011, 09:36 AM
Mi Jinlong
security impact of nfsd4_op_flags
dann frazier:
> Mi,
> We were wondering if you could help us define the security impact (if
> any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> does have a security impact, we can work with MITRE to get a CVE ID
> assigned.
>
The problem just affects NFS4.1, I can't meet some security impact.
What's your opinion, Bruce?
--
----
thanks
Mi Jinlong
--
Archive: http://lists.debian.org/4D9056A1.9060709@cn.fujitsu.com
03-28-2011, 12:09 PM
Ben Hutchings
security impact of nfsd4_op_flags
On Mon, 2011-03-28 at 17:36 +0800, Mi Jinlong wrote:
>
> dann frazier:
> > Mi,
> > We were wondering if you could help us define the security impact (if
> > any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> > does have a security impact, we can work with MITRE to get a CVE ID
> > assigned.
> >
>
> The problem just affects NFS4.1, I can't meet some security impact.
I think the overlapping flag values may have caused a security flaw
because the flags are involved in protocol validation and the overlap
resulted in some flag tests succeeding where they should have failed.
Judging by the comments on what these flags mean, it seems like this
could cause at least a denial of service. But perhaps not.
Ben.
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
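
The kind of overlap described in the message above, as an added example that is not part of the original thread and is not kernel code. The flag names and values are constructed for illustration (they are not taken from commit 5ece3ca); the block shows how a flag defined as a multi-bit value passes tests for other flags, and a check that each flag is one distinct bit.

```c
#include <stdio.h>

/* Constructed values: "bad" uses consecutive integers as flags, so the third
 * value (3) is the OR of the first two. "good" gives each flag its own bit. */
static const unsigned bad_vals[]  = { 1 << 0, 2 << 0, 3 << 0 };
static const unsigned good_vals[] = { 1 << 0, 1 << 1, 1 << 2 };

/* The kind of test a protocol validator performs on an operation's flags. */
static int has_flag(unsigned op_flags, unsigned flag)
{
    return (op_flags & flag) != 0;
}

/* Returns 1 only if every value is a single bit and no two values share a bit. */
static int flags_are_disjoint_bits(const unsigned *vals, int n)
{
    unsigned seen = 0;
    int i;
    for (i = 0; i < n; i++) {
        unsigned v = vals[i];
        if (v == 0 || (v & (v - 1)) != 0)   /* zero, or more than one bit set */
            return 0;
        if (seen & v)                        /* bit already used by another flag */
            return 0;
        seen |= v;
    }
    return 1;
}

/* Counts (i, j) pairs where an operation tagged only with flag i also
 * passes the test for a different flag j: tests that should have failed. */
static int count_false_positives(const unsigned *vals, int n)
{
    int i, j, hits = 0;
    for (i = 0; i < n; i++)
        for (j = 0; j < n; j++)
            if (i != j && has_flag(vals[i], vals[j]))
                hits++;
    return hits;
}

int main(void)
{
    printf("bad:  disjoint=%d false_positives=%d\n",
           flags_are_disjoint_bits(bad_vals, 3), count_false_positives(bad_vals, 3));
    printf("good: disjoint=%d false_positives=%d\n",
           flags_are_disjoint_bits(good_vals, 3), count_false_positives(good_vals, 3));
    return 0;
}
```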
04-10-2011, 04:19 PM
"J. Bruce Fields"
security impact of nfsd4_op_flags
On Sun, Mar 27, 2011 at 03:09:37PM -0600, dann frazier wrote:
> Mi,
> We were wondering if you could help us define the security impact (if
> any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> does have a security impact, we can work with MITRE to get a CVE ID
> assigned.
Apologies, but I don't have an immediate answer off the top of my head,
or time to trace through it.
--b.
--
Archive: http://lists.debian.org/20110410161932.GA26233@fieldses.org
04-10-2011, 05:22 PM
dann frazier
security impact of nfsd4_op_flags
On Sun, Apr 10, 2011 at 12:19:32PM -0400, J. Bruce Fields wrote:
> On Sun, Mar 27, 2011 at 03:09:37PM -0600, dann frazier wrote:
> > Mi,
> > We were wondering if you could help us define the security impact (if
> > any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> > does have a security impact, we can work with MITRE to get a CVE ID
> > assigned.
>
> Apologies, but I don't have an immediate answer off the top of my head,
> or time to trace through it.
No problem, thanks for taking the time to reply.
--
Archive: http://lists.debian.org/20110410172202.GA6590@dannf.org