Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability
BID:50798
Info
| Bugtraq ID: | 50798 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2011-4324 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 24 2011 12:00AM |
| Updated: | Mar 19 2015 08:10AM |
| Credit: | Red Hat |
| Vulnerable: |
VMWare ESX 4.1
VMWare ESX 4.0
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
SuSE SUSE Linux Enterprise Server 10 SP4
SuSE SUSE Linux Enterprise Server 10 SP3 LTSS
SuSE SUSE Linux Enterprise SDK 10 SP4
SuSE SUSE Linux Enterprise Desktop 10 SP4
RedHat Enterprise Linux 5.0
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
OpenVZ Project OpenVZ 028stab095.1
Avaya Voice Portal 5.1.2
Avaya Voice Portal 5.1.1
Avaya Voice Portal 5.1 SP1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya Proactive Contact 5.0
Avaya IQ 5.1.1
Avaya IQ 5.1
Avaya IQ 5
Avaya IP Office Application Server 8.0
Avaya IP Office Application Server 7.0
Avaya IP Office Application Server 6.1
Avaya IP Office Application Server 6.0
Avaya Conferencing Standard Edition 6.0 SP1
Avaya Conferencing Standard Edition 6.0
Avaya Communication Server 1000M Signaling Server 7.5
Avaya Communication Server 1000M Signaling Server 7.0
Avaya Communication Server 1000M 7.5
Avaya Communication Server 1000M 7.0
Avaya Communication Server 1000E Signaling Server 7.5
Avaya Communication Server 1000E Signaling Server 7.0
Avaya Communication Server 1000E 7.5
Avaya Communication Server 1000E 7.0
Avaya Aura System Platform 6.0.2
Avaya Aura System Platform 6.0.1
Avaya Aura System Platform 6.0 SP3
Avaya Aura System Platform 6.0 SP2
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.1
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Avaya Aura System Manager 6.0 SP1
Avaya Aura System Manager 6.0
Avaya Aura System Manager 5.2
Avaya Aura Session Manager 6.1.3
Avaya Aura Session Manager 6.1.2
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.1 SP2
Avaya Aura Session Manager 6.1 Sp1
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.0 SP1
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Messaging 6.0.1
Avaya Aura Messaging 6.0
Avaya Aura Conferencing 6.0 Standard
Avaya Aura Conferencing 6.0 SP1 Standard
Avaya Aura Communication Manager Utility Services 6.1
Avaya Aura Communication Manager Utility Services 6.0
Avaya Aura Communication Manager 6.0.1
Avaya Aura Communication Manager 6.0
Avaya Aura Communication Manager 5.2
Avaya Aura Application Server 5300 SIP Core 2.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Avaya 96x1 IP Deskphone 6.2
Avaya 96x1 IP Deskphone 6 |
| Not Vulnerable: | OpenVZ Project OpenVZ 028stab098.1 |
Discussion
Red Hat Enterprise Linux is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.
Red Hat Enterprise Linux 5 is affected.
Exploit / POC
Attackers can use readily available commands to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Bug 755440 - (CVE-2011-4324) CVE-2011-4324 kernel: nfsv4: mknod(2) DoS (Red Hat)
- Download/kernel/rhel5/028stab098.1 (OpenVZ Project)
- NFSv4: Convert the open and close ops to use fmode (Red Hat)
- Red Hat Homepage (Red Hat)
- ASA-2012-118: kernel security, bug fix, and enhancement update (RHSA-2012-0007) (Avaya)
- ASA-2012-187 Wind River Linux kernel Security Update (WIND00319130) (Avaya)