NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service

2002-09-18T00:00:00
ID SECURITYVULNS:DOC:3496
Type securityvulns
Reporter Securityvulns
Modified 2002-09-18T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----

             NetBSD Security Advisory 2002-013
             =================================

Topic: Bug in NFS server code allows remote denial of service

Version: NetBSD-current: source prior to Aug 3, 2002 NetBSD 1.6 beta: source prior to Aug 3, 2002 NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected NetBSD-1.4.*: affected

Severity: remote denial of service

Fixed: NetBSD-current: Aug 3, 2002 NetBSD-1.6 branch: Aug 3, 2002 (1.6 includes the fix) NetBSD-1.5 branch: September 5, 2002 NetBSD-1.4 branch: not yet

Abstract

The Network File System (NFS) allows a host to export some or all of its filesystems, or parts of them, so that other hosts can access them over the network and mount them as if they were on local disks. NFS is built on top of the Sun Remote Procedure Call (RPC) framework.

An attacker in a position to send RPC messages to an affected NetBSD system can construct a sequence of malicious RPC messages that cause the target system to lock up.

Technical Details

A part of the NFS server code charged with handling incoming RPC messages had an error which, when the server received a message with a zero-length payload, would cause it to reference the payload from the previous message, creating a loop in the message chain. This would later cause an infinite loop in a different part of the NFS server code which tried to traverse the chain.

Certain Linux implementations of NFS produce zero-length RPC messages in some cases. A NetBSD system running an NFS server may lock up when such clients connect.

Solutions and Workarounds

If possible, disable the NFS server on your machine. It is still preferable to apply the following fixes to prevent using vulnerable NFS code in the future.

The recent NetBSD 1.6 release is not vulnerable to this issue. A full upgrade to NetBSD 1.6 is the recommended resolution for all users able to do so. Many security-related improvements have been made, and indeed this release has been delayed several times in order to include fixes for a number of recent issues.

The following instructions describe how to upgrade your kernel by updating your source tree and rebuilding and installing a new version of kernel.

  • NetBSD-current:

    Systems running NetBSD-current dated from before 2002-08-03
    should be upgraded to NetBSD-current dated 2002-08-03 or later.
    
    The following directories need to be updated from the
    netbsd-current CVS branch (aka HEAD):
            sys/nfs
    
    To update from CVS:
    
            # cd src
            # cvs update -d -P sys/nfs
    
    Configure, compile, install and boot a new kernel according to
    the instructions at:
        http://www.netbsd.org/Documentation/kernel/#building_a_kernel
    
  • NetBSD 1.6 beta:

    Systems running NetBSD 1.6 BETAs and Release Candidates should
    be upgraded to the NetBSD 1.6 release.
    
    If a source-based point upgrade is required, sources from the
    NetBSD 1.6 branch dated 2002-08-03 or later should be used.
    
    The following directories need to be updated from the
    netbsd-1-6 CVS branch:
            sys/nfs
    
    To update from CVS:
            # cd src
            # cvs update -d -P -r netbsd-1-6 sys/nfs
    
    Configure, compile, install and boot a new kernel according to
    the instructions at:
        http://www.netbsd.org/Documentation/kernel/#building_a_kernel
    
  • NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

    Systems running NetBSD 1.5 sources dated from before
    2002-09-05 should be upgraded from NetBSD 1.5 sources dated
    2002-09-05 or later.
    
    The following directories need to be updated from the
    netbsd-1-5 CVS branch:
            sys/nfs
    
    To update from CVS:
            # cd src
            # cvs update -d -P -r netbsd-1-5 sys/nfs
    
    Configure, compile, install and boot a new kernel according to
    the instructions at:
        http://www.netbsd.org/Documentation/kernel/#building_a_kernel
    
  • NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3:

    The advisory will be updated with instructions to fix the problem
    for 1.5-based systems.
    

Thanks To

FreeBSD security officers. The advisory text is based on their advisory.

The NetBSD Release Engineering teams, for great patience and assistance in dealing with repeated security issues discovered recently.

Revision History

    2002-09-16      Initial release

More Information

An up-to-date PGP signed copy of this release will be maintained at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc

Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2002-013.txt,v 1.7 2002/09/16 05:17:55 dan Exp $

-----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv

iQCVAwUBPYVqUD5Ru2/4N2IFAQF7VwP9HAw6DGiJI3TmxGeVR/7fNquzCXI6QtSJ evofRBhcsSSNGuTYn9R8KVHdn+f7n8fdc2b3huQ6UCLr3epAgRg6eeCDX8O60fpG DvKUABOJXx1LoUEkGsNGdTizxg3uoD/2GLCvDLhZZiZ4k9srZRRzFT3neyWWdFln EFbs33wT+40= =78tO -----END PGP SIGNATURE-----