** Description changed:

- The fix for CVE-2011-4131 was not complete. Malicious NFS server could
- still crash the clients when more than 2 GETATTR bitmap words are
- returned in response to the FATTR4_ACL attribute request.
+ The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4
+ implementation in the Linux kernel before 3.3.2 uses an incorrect length
+ variable during a copy operation, which allows remote NFS servers to
+ cause a denial of service (OOPS) by sending an excessive number of
+ bitmap words in an FATTR4_ACL reply.  NOTE: this vulnerability exists
+ because of an incomplete fix for CVE-2011-4131.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1002505

Title:
  CVE-2012-2375

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1002505/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to