From cc477ec772747ddbca5689b96e01f2d2a8369874 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 12 Nov 2009 22:21:16 +0000 Subject: retire issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1590 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2009-3623 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 retired/CVE-2009-3623 (limited to 'retired/CVE-2009-3623') diff --git a/retired/CVE-2009-3623 b/retired/CVE-2009-3623 new file mode 100644 index 00000000..80f5e29a --- /dev/null +++ b/retired/CVE-2009-3623 @@ -0,0 +1,28 @@ +Candidate: CVE-2009-3623 +Description: + "On setting up the callback to the client, we attempt to use the same + authentication flavor the client did. We find an rpc cred to use by + calling rpcauth_lookup_credcache(), which assumes that the given + authentication flavor has a credentials cache. However, this is not + required to be true--in particular, auth_null does not use one. + Instead, we should call the auth's lookup_cred() method. + . + Without this, a client attempting to mount using nfsv4 and auth_null + triggers a null dereference." + . + The code was introduced in upstream commit 3cef9ab2 (v2.6.31-rc1), + fixed in 886e3b7f (v2.6.32-rc1), and was later replaced by 80fc015b in + the same version. +References: + http://article.gmane.org/gmane.linux.nfs/26513 + https://bugzilla.redhat.com/show_bug.cgi?id=530269 + http://git.kernel.org/linus/3cef9ab266a932899e756f7e1ea7a988a97bf3b2 + http://git.kernel.org/linus/886e3b7fe6054230c89ae078a09565ed183ecc73 + http://git.kernel.org/linus/80fc015bdfe1f5b870c1e1ee02d78e709523fee7 +Notes: +Bugs: +upstream: released (2.6.32-rc1), released (2.6.31.2) [b9703d921e254b499b300d652b4f35420176d509] +linux-2.6: released (2.6.31-1) +2.6.18-etch-security: N/A +2.6.24-etch-security: N/A +2.6.26-lenny-security: N/A -- cgit v1.2.3
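Review bot: the `Notes:` field in the new retired/CVE-2009-3623 entry is empty, yet the status lines below it depend on reasoning that is recorded nowhere in the status block. `linux-2.6: released (2.6.31-1)` is marked fixed while the upstream line gives the stable fix as 2.6.31.2 [b9703d921e254b499b300d652b4f35420176d509], and the entry does not say how it was confirmed that the 2.6.31-1 package carries that change. Suggest a short note stating which upstream stable release or backported patch 2.6.31-1 includes. The three `N/A` lines for 2.6.18-etch-security, 2.6.24-etch-security and 2.6.26-lenny-security follow from the description's statement that the code was introduced in 3cef9ab2 (v2.6.31-rc1); saying so in `Notes:` would let a later reader check the N/A status without rereading the description. The description also runs the quoted upstream commit text and the tracker's own paragraph together, so the paragraph starting "The code was introduced" would be clearer under `Notes:` than inside `Description:`.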