The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: overflow via NFS

Synthesis of the vulnerability 

An attacker can access a file with a long name shared via NFS in order to trigger an overflow.
Impacted products: Debian, Linux, RHEL, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity of this bulletin: 2/4.
Creation date: 06/04/2009.
References of this threat: BID-34390, CVE-2009-1336, DSA-1794-1, RHSA-2009:0473-01, RHSA-2009:1024-01, RHSA-2009:1077-01, VIGILANCE-VUL-8601, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5.

Description of the vulnerability 

The fs/nfs directory of the Linux kernel source code implements an NFS client.

The maximum length of an NFS file name is defined by NFS[234]_MAXNAMLEN. However, the NFS client accepts longer names, which causes an overflow in the kernel.

An attacker can therefore access a file with a long name shared via NFS in order to trigger an overflow. This error stops the kernel and can lead to code execution.
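
The bound described above, as an added example that is not part of the advisory and is not the kernel's own code: a client-side encoder that rejects a name longer than the protocol maximum before copying it into a fixed-size request buffer. The names ex_lookup_req, ex_encode_name and ex_try_len, and the limit of 255, are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the advisory only names NFS[234]_MAXNAMLEN. */
#define EX_MAXNAMLEN 255u
/* 4-byte length word plus the name rounded up to a 4-byte boundary. */
#define EX_REQ_SIZE (4u + ((EX_MAXNAMLEN + 3u) & ~3u))

struct ex_lookup_req {            /* hypothetical fixed-size request */
    uint8_t buf[EX_REQ_SIZE];
    size_t  used;
};

/* Encode a name as an XDR opaque (big-endian length, bytes, zero padding).
 * Returns 0, -EINVAL or -ENAMETOOLONG; the buffer is untouched on error. */
int ex_encode_name(struct ex_lookup_req *req, const char *name, size_t len)
{
    if (req == NULL || name == NULL || len == 0)
        return -EINVAL;
    if (len > EX_MAXNAMLEN)       /* enforce the bound before any copy */
        return -ENAMETOOLONG;

    size_t padded = (len + 3u) & ~(size_t)3u;
    for (int i = 0; i < 4; i++)
        req->buf[i] = (uint8_t)(len >> (24 - 8 * i));
    memcpy(req->buf + 4, name, len);
    memset(req->buf + 4 + len, 0, padded - len);
    req->used = 4 + padded;
    return 0;
}

/* Constructed input: a name made of `len` 'a' characters. */
int ex_try_len(size_t len)
{
    static char name[4096];
    struct ex_lookup_req req = { .used = 0 };
    if (len > sizeof(name)) return -EINVAL;
    memset(name, 'a', len);
    return ex_encode_name(&req, name, len);
}

int main(void)
{
    printf("255 -> %d, 256 -> %d\n", ex_try_len(255), ex_try_len(256));
    return 0;
}
```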

This security weakness impacts software or systems such as Debian, Linux, RHEL, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.

Our Vigil@nce team determined that the severity of this threat bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with expert ability can exploit this threat.

Solutions for this threat 

Linux kernel: version 2.6.22.19.
Version 2.6.22.19 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

VMware ESX, ESXi, VirtualCenter: solution.
The following versions are corrected:
VirtualCenter 4.0 Update 1
  http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware Virtual Center 2.5 Update 6
  http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
ESXi 4.0 Update 1
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip
ESXi 3.5
  http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip
ESX 4.0 Update 1
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip
  known problems: http://kb.vmware.com/kb/1016070
ESX 3.5
  http://download3.vmware.com/software/vi/ESX350-201002407-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201002402-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201002404-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
ESX 3.0.3
  http://download3.vmware.com/software/vi/ESX303-201002204-UG.zip
  http://download3.vmware.com/software/vi/ESX303-201002206-UG.zip
  http://download3.vmware.com/software/vi/ESX303-201002205-UG.zip

Debian 4: new linux-2.6 packages.
New packages are available:
  http://security.debian.org/pool/updates/main/l/linux-2.6/*_2.6.18.dfsg.1-24etch1_*.deb

RHEL 4.7: new kernel packages.
New packages are available:
  kernel-2.6.9-78.0.24.EL

RHEL 4.8: new kernel packages.
New packages are available:
Red Hat Enterprise Linux version 4: kernel-2.6.9-89.EL

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-128.1.10.el5
