oss-sec mailing list archives
Re: Re: CVE request: Linux kernel: nfs: information leakage
From: P J P <ppandit () redhat com>
Date: Fri, 21 Feb 2014 00:20:36 +0530 (IST)
+-- On Thu, 20 Feb 2014, cve-assign () mitre org wrote --+ | This is definitely a problem that can have a CVE ID; use | CVE-2014-2038. Thank you. | is there also an opportunity for Client B to conduct a DoS attack | against Client A (i.e., causing Client A's data to be completely lost) | if the NFSv4 ACL on /mnt/file gives Client B APPEND_DATA access but | not WRITE_DATA access? Ummn, I wonder if with only APPEND_DATA client would be able to delete/over-write file data. It needs to be verified. | Our understanding is that you mean the "extra" bytes printed by the | cat command, i.e., | | 0 \357 \277 \275 D 0 \357 \277 \275 | | are the leaked kernel memory bytes. Yes, that's correct. Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Current thread:
- CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
- Re: CVE request: Linux kernel: nfs: information leakage cve-assign (Feb 20)
- Re: Re: CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
- Re: CVE request: Linux kernel: nfs: information leakage cve-assign (Feb 20)