Sun Solaris NFS Client Module ACL(2) Packets Denial of Service Vulnerability

Bugtraq ID:	24145
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2882
Remote:	Yes
Local:	No
Published:	Apr 12 2007 12:00AM
Updated:	May 07 2015 05:37PM
Credit:	Andrzej Dereszowski is credited with the discovery of this vulnerability.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable:

Sun Solaris NFS Client Module ACL(2) Packets Denial of Service Vulnerability

The Sun Solaris NFS client module is prone to a denial-of-service vulnerability because the application fails to handle specially crafted packets.

An attacker can exploit this issue to cause NFS servers to panic, resulting in a denial-of-service condition.

Sun Solaris NFS Client Module ACL(2) Packets Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Solaris NFS Client Module ACL(2) Packets Denial of Service Vulnerability

Solution:
Sun has released patches to address this issue. Please see the references for more information.

Sun Solaris NFS Client Module ACL(2) Packets Denial of Service Vulnerability

References:

• ASA-2007-245 - Security Vulnerability in NFS Client Module May Lead to a Denial (Avay)
  
• Solaris Homepage (Sun Microsystems)
  
• Sun Alert ID 102911: Security Vulnerability in NFS Client Module May Lead to a D (Sun Microsystems )