CVE-2011-4131

Priority
Description
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly
handle bitmap sizes in GETACL replies, which allows remote NFS servers to
cause a denial of service (OOPS) by sending an excessive number of bitmap
words.
Ubuntu-Description
Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation.
A remote NFS server (attacker) could exploit this flaw to cause a denial of
service.
Notes
jdstrande5012d1f3861d18c7f3814e757c1c3ab3741dbcd is incomplete
http://www.spinics.net/lists/linux-nfs/msg25288.html is proposed
patch
apwhttp://www.spinics.net/lists/linux-nfs/msg25746.html implies the proposed
patch needs further work, awaiting resubmission
http://www.spinics.net/lists/linux-nfs/msg26023.html looks to be the
fixed patch, waiting on feedback
now upstream as bf118a342f10dafe44b14451a1392c3254629a1f
jjremoved original incomplete e5012d1f3861d18c7f3814e757c1c3ab3741dbcd
as breakfix
jdstrandtoo intrusive to backport. Requires connecting to malicious NFS v4
server
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (3.11.0-12.19)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
bf118a342f10dafe44b14451a1392c3254629a1f
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.4.0-1.3])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.4.0-1.9])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [see note])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Patches:
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [see note])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.4.0-3.21])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.4.0-4.19])
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
More Information

Updated: 2020-03-18 22:07:49 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)