The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert CVE-2008-7256 CVE-2010-1643

Linux kernel: denial of service via knfsd

Synthesis of the vulnerability

When knfsd is used to export files on a shmemfs system, an attacker can force the kernel to dereference a NULL pointer, which stops the system.
Impacted products: Linux, MES, Mandriva Linux, openSUSE, RHEL, SLES.
Severity: 1/4.
Creation date: 26/05/2010.
Identifiers: 595970, BID-40377, BID-42217, CVE-2008-7256, CVE-2010-1643, MDVSA-2010:188, MDVSA-2010:198, RHSA-2010:0631-01, SUSE-SA:2010:031, VIGILANCE-VUL-9666.

Description of the vulnerability

The "overcommit" feature indicates how memory is managed (/proc/sys/vm/overcommit_memory):
 0 : heuristic overcommit: a malloc() can succeed even if all memory has been used
 1 : no overcommit
 2 : strict overcommit: the success rate of malloc() is determined by overcommit_ratio

A shmfs/shmemfs filesystem is used to store files in memory.

The Linux kernel implements an NFS server (knfsd).

When a shmemfs filesystem is exported via NFS and overcommit is strict, if memory is insufficient, the pointer current->mm is NULL and it is dereferenced.

When knfsd is used to export files on a shmemfs system, a local attacker can therefore deplete the memory, in order to stop the system.
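To audit a host for the configuration described above (strict overcommit together with an NFS export located on an in-memory filesystem), the following shell function is an added example and not part of the original bulletin. It assumes that export paths are the first field of /etc/exports-style lines and that in-memory filesystems appear as "tmpfs" or "shm" in /proc/mounts; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report NFS exports that sit on an in-memory filesystem
# while strict overcommit (overcommit_memory = 2) is enabled.
# Assumptions: first field of each exports line is the path; paths contain
# no spaces; in-memory filesystems are typed "tmpfs" or "shm" in the mounts file.

# knfsd_shmem_exposure OVERCOMMIT_FILE MOUNTS_FILE EXPORTS_FILE
# Prints matching export paths, one per line. Returns 0 on a match, else 1.
knfsd_shmem_exposure() {
    oc_file=$1 mounts_file=$2 exports_file=$3
    mode=$(cat "$oc_file" 2>/dev/null) || return 1
    [ "$mode" = "2" ] || return 1      # the bulletin's condition: strict overcommit
    hits=""
    while read -r path rest; do
        case $path in ''|'#'*) continue ;; esac   # skip blanks and comments
        # Filesystem type of the longest mount point that contains $path.
        fstype=$(awk -v p="$path" '
            BEGIN { best = 0 }
            p == $2 || $2 == "/" || index(p, $2 "/") == 1 {
                if (length($2) >= best) { best = length($2); t = $3 }
            }
            END { print t }' "$mounts_file")
        case $fstype in
            tmpfs|shm) hits="$hits$path
" ;;
        esac
    done < "$exports_file"
    [ -n "$hits" ] || return 1
    printf '%s' "$hits"
}

# Constructed sample data standing in for /proc/sys/vm/overcommit_memory,
# /proc/mounts and /etc/exports.
d=$(mktemp -d)
echo 2 > "$d/overcommit"
printf '%s\n' '/dev/sda1 / ext3 rw 0 0' \
              'tmpfs /dev/shm tmpfs rw 0 0' > "$d/mounts"
printf '%s\n' '# constructed exports file' \
              '/srv/data 192.0.2.0/24(rw)' \
              '/dev/shm/scratch 192.0.2.0/24(rw)' > "$d/exports"
knfsd_shmem_exposure "$d/overcommit" "$d/mounts" "$d/exports" \
    || echo "no exposed export found"
rm -rf "$d"
```

On a live system the three arguments would be /proc/sys/vm/overcommit_memory, /proc/mounts and /etc/exports.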