The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Linux kernel: denial of service via knfsd
Synthesis of the vulnerability
When knfsd is used to export files on a shmemfs system, an attacker can force the kernel to dereference a NULL pointer, which stops the system.
Impacted products: Linux, MES, Mandriva Linux, openSUSE, RHEL, SLES.
Creation date: 26/05/2010.
Identifiers: 595970, BID-40377, BID-42217, CVE-2008-7256, CVE-2010-1643, MDVSA-2010:188, MDVSA-2010:198, RHSA-2010:0631-01, SUSE-SA:2010:031, VIGILANCE-VUL-9666.
Description of the vulnerability
The "overcommit" setting indicates how memory is managed (/proc/sys/vm/overcommit_memory):
0: heuristic overcommit: a malloc() can succeed even if all memory has been used
1: no overcommit
2: strict overcommit: the success rate of malloc() is determined by overcommit_ratio
A shmfs/shmemfs filesystem is used to store files in memory.
The Linux kernel implements an NFS server (knfsd).
When a shmemfs filesystem is exported via NFS and overcommit is strict, if memory is missing, the pointer current->mm is NULL and it is nevertheless dereferenced.
When knfsd is used to export files on a shmemfs system, a local attacker can therefore deplete the memory, in order to stop the system.
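A configuration check for the conditions described above, as an added example that is not part of the Vigil@nce bulletin: the function name exposed_exports, the sample mount table and the sample exports file are constructed for illustration. It assumes the memory-backed filesystem appears with type tmpfs in /proc/mounts and that export paths contain no escaped spaces.

```shell
#!/bin/sh
# Added example, not from the bulletin: list NFS-exported paths that sit on
# a memory-backed (tmpfs) filesystem while overcommit is in the mode the
# bulletin calls strict (2).
# usage: exposed_exports MODE MOUNTS_FILE EXPORTS_FILE
exposed_exports() {
    [ "$1" = "2" ] || return 0          # other overcommit modes: nothing to report
    awk -v mfile="$2" '
        BEGIN {                          # mount point -> fstype, /proc/mounts layout
            while ((getline line < mfile) > 0)
                if (split(line, f, " ") >= 3) fstype[f[2]] = f[3]
        }
        $1 !~ /^\// { next }             # skip comments, blanks, continuation lines
        {
            best = ""                    # longest mount point containing the export
            for (m in fstype) {
                pre = (m == "/") ? "/" : (m "/")
                if (index($1 "/", pre) == 1 && length(m) >= length(best)) best = m
            }
            if (best != "" && fstype[best] == "tmpfs") print $1
        }
    ' "$3"
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sdb1 /dev/shm/disk ext3 rw 0 0
tmpfs /srv/scratch tmpfs rw,size=512m 0 0
EOF
cat > "$SAMPLE_DIR/exports" <<'EOF'
# path            clients
/home             192.0.2.0/24(rw,sync)
/dev/shm/build    192.0.2.0/24(rw,fsid=1)
/dev/shm/disk/iso 192.0.2.0/24(ro)
/srv/scratch      *(rw,fsid=2)
EOF

exposed_exports 2 "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/exports"
# On a live host:
# exposed_exports "$(cat /proc/sys/vm/overcommit_memory)" /proc/mounts /etc/exports
```

The longest-prefix match matters: /dev/shm/disk/iso is under /dev/shm by path but lives on a disk filesystem mounted on top of it, so it is not reported.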