U-037: Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code

November 16, 2011 - 7:43am

PROBLEM:

Linux Kernel NFSv4 ACL Attribute Processing Error Lets Remote Users Execute Arbitrary Code.

PLATFORM:

Kernel version 2.6.x

ABSTRACT:

A remote server can cause the target connected client to crash.

REFERENCE LINKS:

The Linux Kernel Archives
CVE-2011-4131
SecurityTracker Alert ID: 1026324
Linux Kernel [PATCH 1/1] NFSv4

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in the Linux Kernel. A remote user can cause denial of service conditions.

Impact:

A remote server can return specially crafted data to the connected target client to trigger a flaw in nfs4_getfacl() and cause the target client to crash.

Solution:

The vendor has issued a proposed patch, available at: Linux Kernel [PATCH 1/1]
