BID:12330

Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability

Info

Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability

Bugtraq ID:	12330
Class:	Unknown
CVE:	CVE-2005-0207
Remote:	No
Local:	Yes
Published:	Jan 21 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	This vulnerability was announced in a SuSE security announcement.
Vulnerable:	SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux 8.1 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 + Redhat Fedora Core3 + Redhat Fedora Core2 + Trustix Secure Linux 3.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.5.69 Linux kernel 2.5.68 Linux kernel 2.5.67 Linux kernel 2.5.66 Linux kernel 2.5.65 Linux kernel 2.5.64 Linux kernel 2.5.63 Linux kernel 2.5.62 Linux kernel 2.5.61 Linux kernel 2.5.60 Linux kernel 2.5.59 Linux kernel 2.5.58 Linux kernel 2.5.57 Linux kernel 2.5.56 Linux kernel 2.5.55 Linux kernel 2.5.54 Linux kernel 2.5.53 Linux kernel 2.5.52 Linux kernel 2.5.51 Linux kernel 2.5.50 Linux kernel 2.5.49 Linux kernel 2.5.48 Linux kernel 2.5.47 Linux kernel 2.5.46 Linux kernel 2.5.45 Linux kernel 2.5.44 Linux kernel 2.5.43 Linux kernel 2.5.42 Linux kernel 2.5.41 Linux kernel 2.5.40 Linux kernel 2.5.39 Linux kernel 2.5.38 Linux kernel 2.5.37 Linux kernel 2.5.36 Linux kernel 2.5.35 Linux kernel 2.5.34 Linux kernel 2.5.33 Linux kernel 2.5.32 Linux kernel 2.5.31 Linux kernel 2.5.30 Linux kernel 2.5.29 Linux kernel 2.5.28 Linux kernel 2.5.27 Linux kernel 2.5.26 Linux kernel 2.5.25 Linux kernel 2.5.24 Linux kernel 2.5.23 Linux kernel 2.5.22 Linux kernel 2.5.21 Linux kernel 2.5.20 Linux kernel 2.5.19 Linux kernel 2.5.18 Linux kernel 2.5.17 Linux kernel 2.5.16 Linux kernel 2.5.15 Linux kernel 2.5.14 Linux kernel 2.5.13 Linux kernel 2.5.12 Linux kernel 2.5.11 Linux kernel 2.5.10 Linux kernel 2.5.9 Linux kernel 2.5.8 Linux kernel 2.5.7 Linux kernel 2.5.6 Linux kernel 2.5.5 Linux kernel 2.5.4 Linux kernel 2.5.3 Linux kernel 2.5.2 Linux kernel 2.5.1 Linux kernel 2.5 .0 Linux kernel 2.4.29 -rc2 Linux kernel 2.4.29 -rc1 Linux kernel 2.4.28 Linux kernel 2.4.27 -pre5 Linux kernel 2.4.27 -pre4 Linux kernel 2.4.27 -pre3 Linux kernel 2.4.27 -pre2 Linux kernel 2.4.27 -pre1 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 + Devil-Linux Devil-Linux 1.0.5 + Devil-Linux Devil-Linux 1.0.4 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Redhat Fedora Core1 + Slackware Linux 9.1 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + SuSE SUSE Linux Enterprise Server 8 Linux kernel 2.4.20 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.19 -pre4 Linux kernel 2.4.19 -pre3 Linux kernel 2.4.19 -pre2 Linux kernel 2.4.19 -pre1 Linux kernel 2.4.19 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.18 pre-7 Linux kernel 2.4.18 pre-6 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.18 pre-2 Linux kernel 2.4.18 pre-1 Linux kernel 2.4.18 x86 Linux kernel 2.4.18 Linux kernel 2.4.17 Linux kernel 2.4.16 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 Linux kernel 2.4.9 Linux kernel 2.4.8 Linux kernel 2.4.7 + Redhat Linux 7.2 + SuSE Linux 7.2 + SuSE Linux 7.1 Linux kernel 2.4.6 Linux kernel 2.4.5 + Slackware Linux 8.0 Linux kernel 2.4.4 Linux kernel 2.4.3 Linux kernel 2.4.2 Linux kernel 2.4.1 Linux kernel 2.4 .0-test9 Linux kernel 2.4 .0-test8 Linux kernel 2.4 .0-test7 Linux kernel 2.4 .0-test6 Linux kernel 2.4 .0-test5 Linux kernel 2.4 .0-test4 Linux kernel 2.4 .0-test3 Linux kernel 2.4 .0-test2 Linux kernel 2.4 .0-test12 Linux kernel 2.4 .0-test11 Linux kernel 2.4 .0-test10 Linux kernel 2.4 .0-test1 Linux kernel 2.4

Not Vulnerable:

Discussion

Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability

The Linux kernel is reported prone to an unspecified local denial of service vulnerability. It is reported that issue exists locally and is exploitable through direct I/O access to NFS file systems.

Successful exploitation will lead to a kernel panic on a computer with NFS mounts. This would effectively deny service to legitimate users.

Exploit / POC

Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability

Solution:
Conectiva has released a security advisory (CLA-2005:930) and fixes to address this and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

SuSE has released a security announcement (SUSE-SA:2005:003) and fixes to address the vulnerability described in this BID and also other vulnerabilities. Customers are advised to peruse the referenced announcement for further details in regard to obtaining and applying appropriate fixes.

SuSE has released security advisory SUSE-SA:2005:010 dealing with an issue that has arisen due to a broken patch previously released. Apparently due to various new checks being performed computers running an NVidia graphics card may experience a denial of service condition when X Windows is started. This issue affects SuSE Linux 9.1, SuSE Linux Enterprise Server 9, and Novell Linux Desktop 9.

RedHat has released advisory RHSA-2005:366-19 to address this, and other issues in RedHat Enterprise Linux 4, and RedHat Desktop 4 operating systems. Please see the referenced advisory for further information.

Linux kernel 2.4.21