Old 03-27-2011, 09:09 PM
dann frazier
 
Default security impact of nfsd4_op_flags

Mi,
We were wondering if you could help us define the security impact (if
any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
does have a security impact, we can work with MITRE to get a CVE ID
assigned.


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110327210937.GX10433@dannf.org
 
Old 03-28-2011, 09:36 AM
Mi Jinlong
 
Default security impact of nfsd4_op_flags

dann frazier:
> Mi,
> We were wondering if you could help us define the security impact (if
> any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> does have a security impact, we can work with MITRE to get a CVE ID
> assigned.
>

The problem just affects NFS4.1, I can't meet some security impact.

What's your opinion, Bruce?


--
----
thanks
Mi Jinlong


Archive: http://lists.debian.org/4D9056A1.9060709@cn.fujitsu.com
 
Old 03-28-2011, 12:09 PM
Ben Hutchings
 
Default security impact of nfsd4_op_flags

On Mon, 2011-03-28 at 17:36 +0800, Mi Jinlong wrote:
>
> dann frazier:
> > Mi,
> > We were wondering if you could help us define the security impact (if
> > any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> > does have a security impact, we can work with MITRE to get a CVE ID
> > assigned.
> >
>
> The problem just affects NFS4.1, I can't meet some security impact.

I think the overlapping flag values may have caused a security flaw
because the flags are involved in protocol validation and the overlap
resulted in some flag tests succeeding where they should have failed.
Judging by the comments on what these flags mean, it seems like this
could cause at least a denial of service. But perhaps not.

Ben.

--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
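
Added example, not part of the thread and not kernel code: a sketch of the failure mode raised in the message above, where two flags in one flag word share a bit and a validation test passes for an operation that never set that flag, plus a check that catches such overlap. All flag names and values are constructed for illustration and are not the real nfsd4_op_flags definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-operation flags (constructed, not the kernel's values). */
enum op_flags_buggy {
    B_ALLOWED_WITHOUT_SESSION = 1 << 0,
    B_ALLOWED_AS_FIRST_OP     = 1 << 1,
    B_MODIFIES_STATE          = 1 << 1   /* defect: reuses the bit above */
};
enum op_flags_fixed {
    F_ALLOWED_WITHOUT_SESSION = 1 << 0,
    F_ALLOWED_AS_FIRST_OP     = 1 << 1,
    F_MODIFIES_STATE          = 1 << 2
};

/* Protocol validation as a dispatcher would test it: may this op come first? */
static int allowed_first(unsigned op_flags, unsigned first_op_bit)
{
    return (op_flags & first_op_bit) != 0;
}

/* Index of the first flag that is not a single bit or shares a bit with an
 * earlier flag; -1 when every flag is a distinct single bit. */
static int first_bad_flag(const unsigned *flags, size_t n)
{
    unsigned seen = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned f = flags[i];
        if (f == 0 || (f & (f - 1)) != 0 || (seen & f) != 0)
            return (int)i;
        seen |= f;
    }
    return -1;
}

static const unsigned buggy_set[] = {
    B_ALLOWED_WITHOUT_SESSION, B_ALLOWED_AS_FIRST_OP, B_MODIFIES_STATE };
static const unsigned fixed_set[] = {
    F_ALLOWED_WITHOUT_SESSION, F_ALLOWED_AS_FIRST_OP, F_MODIFIES_STATE };

int main(void)
{
    /* An op tagged only as state-modifying must not pass the first-op test. */
    printf("buggy passes first-op test: %d\n",
           allowed_first(B_MODIFIES_STATE, B_ALLOWED_AS_FIRST_OP));
    printf("fixed passes first-op test: %d\n",
           allowed_first(F_MODIFIES_STATE, F_ALLOWED_AS_FIRST_OP));
    printf("first overlapping flag: buggy=%d fixed=%d\n",
           first_bad_flag(buggy_set, 3), first_bad_flag(fixed_set, 3));
    return 0;
}
```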
 
Old 04-10-2011, 04:19 PM
"J. Bruce Fields"
 
Default security impact of nfsd4_op_flags

On Sun, Mar 27, 2011 at 03:09:37PM -0600, dann frazier wrote:
> Mi,
> We were wondering if you could help us define the security impact (if
> any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> does have a security impact, we can work with MITRE to get a CVE ID
> assigned.

Apologies, but I don't have an immediate answer off the top of my head,
or time to trace through it.

--b.


Archive: http://lists.debian.org/20110410161932.GA26233@fieldses.org
 
Old 04-10-2011, 05:22 PM
dann frazier
 
Default security impact of nfsd4_op_flags

On Sun, Apr 10, 2011 at 12:19:32PM -0400, J. Bruce Fields wrote:
> On Sun, Mar 27, 2011 at 03:09:37PM -0600, dann frazier wrote:
> > Mi,
> > We were wondering if you could help us define the security impact (if
> > any) of your fix for nfsd4_op_flags, commit 5ece3ca upstream. If it
> > does have a security impact, we can work with MITRE to get a CVE ID
> > assigned.
>
> Apologies, but I don't have an immediate answer off the top of my head,
> or time to trace through it.

No problem, thanks for taking the time to reply.


Archive: http://lists.debian.org/20110410172202.GA6590@dannf.org
 
