Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2008-7256 CVE-2010-1643

Linux kernel: denial of service via knfsd

Synthesis of the vulnerability

When knfsd is used to export files on a shmemfs system, an attacker can force the kernel to dereference a NULL pointer, which stops the system.
Impacted products: Linux, MES, Mandriva Linux, openSUSE, RHEL, SLES.
Severity: 1/4.
Creation date: 26/05/2010.
Identifiers: 595970, BID-40377, BID-42217, CVE-2008-7256, CVE-2010-1643, MDVSA-2010:188, MDVSA-2010:198, RHSA-2010:0631-01, SUSE-SA:2010:031, VIGILANCE-VUL-9666.

Description of the vulnerability

The "overcommit" feature indicate how the memory is managed (/proc/sys/vm/overcommit_memory):
 0 : heuristic overcommit: a malloc() can success even if all memory has been used
 1 : no overcommit
 2 : strict overcommit: the success rate of malloc() is determined by overcommit_ratio

A shmfs/shmemfs filesystem is used to store files in memory.

The Linux kernel implements a NFS server (knfsd).

When a shmemfs system is exported via NFS, and when the overcommit is strict, if memory is missing, the pointer current->mm is NULL and it is dereferenced.

When knfsd is used to export files on a shmemfs system, a local attacker can therefore deplete the memory, in order to stop the system.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability patch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.



















Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française