Ubuntu: Security Advisory (USN-1488-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: nfs4_getfacl decoding kernel oops

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...

DEBIAN-CVE-2012-2375

The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words in an...

UBUNTU-CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...

[USN-1390-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1390-1 March 06, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

UBUNTU-CVE-2012-1090

The cifslookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service OOPS via attempted access to a special file, as demonstrated by a FIFO. "The cifs code will attempt to open files on lookup under certain circumstances. What happens though i...

kernel: nfsv4: mknod(2) DoS

The encodeshareaccess function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service BUG and system crash by using the mknod system call with a pathname on an NFSv4 filesystem...

kernel: nfs: diotest4 from LTP crash client null pointer deref

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service NULL pointer dereference and ODIRECT oops, as demonstrated using diotest4 from LTP...

PT-2012-1861 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.31-rc6 Description: The issue is related to the NFS implementation in the Linux kernel, where certain functions are called without properly initializing specific data. This can be exploited by local users to...

kernel: rpc task leak after flock()ing NFS share

The Network Lock Manager NLM protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service system hang via a LOCKUN flock system call...

nfs-utils: Improper authentication of an incoming request when an IP based authentication used

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

kernel: cifs: always do is_path_accessible check in cifs_mount

The setupcifssb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service system crash by placing a referral at the root of a share...

UBUNTU-CVE-2011-2491

The Network Lock Manager NLM protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service system hang via a LOCKUN flock system call...

kernel: rpc task leak after flock()ing NFS share

The Network Lock Manager NLM protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service system hang via a LOCKUN flock system call...

kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab

The nfs4procsetacl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service panic via a crafted attempt to set an ACL...

kernel: rpc task leak after flock()ing NFS share

The Network Lock Manager NLM protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service system hang via a LOCKUN flock system call...

kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab

The nfs4procsetacl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service panic via a crafted attempt to set an ACL...

PT-2011-2862 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue is related to the nfs4 proc set acl function in the Linux kernel, which stores NFSv4 ACL data in memory allocated by kmalloc but does not properly free it. This can be exploited by...

DEBIAN-CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

kernel: nfsd4: bug in read_buf

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service panic or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the readbuf and...