Vigil@nce: Linux kernel, overflow via NFS
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can access a file with a long name on an NFS share
in order to trigger an overflow in the kernel's NFS client.
Severity: 2/4
Consequences: user access/rights, denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 06/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The fs/nfs directory of the Linux kernel source code implements the
NFS client.
The maximum length of an NFS file name is defined per protocol
version by NFS2_MAXNAMLEN, NFS3_MAXNAMLEN and NFS4_MAXNAMLEN.
However, the NFS client does not enforce this limit and accepts
longer names, which triggers an overflow in the kernel.
An attacker with a local shell can therefore access a file with a
long name on an NFS share in order to trigger this overflow. The
error crashes the kernel (denial of service) and may allow code
execution.
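The following C program is an added illustration of the check the advisory says is missing; it is not the kernel's code, and the structure nfs_mount, the function names and the test helper are hypothetical. The three limit constants are the values from the kernel's NFS protocol headers. The "before" function encodes a LOOKUP name as an XDR string without any length check, so an over-long name overruns the destination; the "after" function clamps the server-reported limit to the protocol ceiling, rejects longer names with -ENAMETOOLONG, and also refuses to write past the destination. The main() encodes a constructed 300-character name over NFSv3 to show the rejection.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* File name limits as defined in the Linux NFS protocol headers. */
#define NFS2_MAXNAMLEN  255
#define NFS3_MAXNAMLEN  255
#define NFS4_MAXNAMLEN  4096

/* Hypothetical per-mount state standing in for the kernel's per-server
 * structure. namelen is the limit learned from the server; 0 means the
 * field was never initialised. */
struct nfs_mount {
    int version;        /* 2, 3 or 4 */
    uint32_t namelen;
};

/* Protocol ceiling for a given NFS version; 0 for an unknown version. */
static uint32_t proto_maxnamlen(int version)
{
    switch (version) {
    case 2:  return NFS2_MAXNAMLEN;
    case 3:  return NFS3_MAXNAMLEN;
    case 4:  return NFS4_MAXNAMLEN;
    default: return 0;
    }
}

/* Effective limit: the server-reported value clamped to the protocol
 * ceiling, or the ceiling alone when the server value was never set. */
uint32_t nfs_effective_namelen(const struct nfs_mount *m)
{
    uint32_t ceiling = proto_maxnamlen(m->version);
    if (m->namelen == 0 || m->namelen > ceiling)
        return ceiling;
    return m->namelen;
}

/* BEFORE (vulnerable shape): trusts the caller's length and writes the XDR
 * string (4-byte big-endian length, the bytes, zero pad to a multiple of 4)
 * with no bounds check, so a name longer than the destination overruns it.
 * Nothing in this file calls it with an unchecked length. */
void encode_lookup_unchecked(uint8_t *dst, const char *name, uint32_t len)
{
    dst[0] = (uint8_t)(len >> 24); dst[1] = (uint8_t)(len >> 16);
    dst[2] = (uint8_t)(len >> 8);  dst[3] = (uint8_t)len;
    memcpy(dst + 4, name, len);
    memset(dst + 4 + len, 0, (4 - (len & 3)) & 3);
}

/* AFTER (hardened): reject names over the effective limit and never write
 * past dst_size. Returns bytes written, or a negative errno value. */
int encode_lookup_checked(const struct nfs_mount *m, uint8_t *dst,
                          size_t dst_size, const char *name)
{
    size_t len = strlen(name);
    uint32_t limit = nfs_effective_namelen(m);
    size_t padded;

    if (limit == 0)
        return -EINVAL;              /* unknown protocol version */
    if (len > limit)
        return -ENAMETOOLONG;        /* the check the advisory says is missing */
    padded = (len + 3) & ~(size_t)3;
    if (dst_size < 4 + padded)
        return -EMSGSIZE;            /* destination too small for the encoding */
    encode_lookup_unchecked(dst, name, (uint32_t)len);  /* bounds proven above */
    return (int)(4 + padded);
}

/* Helper: encode a constructed name of `len` 'a' characters into a
 * destination of dst_size bytes and return the encoder's result. */
int encode_constructed_name(int version, uint32_t namelen, size_t len,
                            size_t dst_size)
{
    static char name[NFS4_MAXNAMLEN + 2];
    static uint8_t dst[NFS4_MAXNAMLEN + 8];
    struct nfs_mount m = { version, namelen };

    if (len >= sizeof name || dst_size > sizeof dst)
        return -EINVAL;
    memset(name, 'a', len);
    name[len] = '\0';
    return encode_lookup_checked(&m, dst, dst_size, name);
}

int main(void)
{
    /* Constructed input: a 300-character name on an NFSv3 mount whose
     * limit was never initialised; the hardened encoder must reject it. */
    int rc = encode_constructed_name(3, 0, 300, 4096);
    printf("300-char name over NFSv3: rc=%d (%s)\n", rc,
           rc == -ENAMETOOLONG ? "rejected, ENAMETOOLONG" : "accepted");
    rc = encode_constructed_name(3, 0, 255, 4096);
    printf("255-char name over NFSv3: %d bytes encoded\n", rc);
    return 0;
}
```

The point of clamping an uninitialised or absurd server value to the protocol ceiling is that the encoder never runs with "no limit": a zero in the per-mount field falls back to NFS[234]_MAXNAMLEN instead of disabling the check.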
CHARACTERISTICS
Identifiers: BID-34390, VIGILANCE-VUL-8601
http://vigilance.fr/vulnerability/Linux-kernel-overflow-via-NFS-8601