oss-sec mailing list archives

Re: Re: CVE request: Linux kernel: nfs: information leakage


From: P J P <ppandit () redhat com>
Date: Fri, 21 Feb 2014 00:20:36 +0530 (IST)

+-- On Thu, 20 Feb 2014, cve-assign () mitre org wrote --+
| This is definitely a problem that can have a CVE ID; use
| CVE-2014-2038.

  Thank you.
 
| is there also an opportunity for Client B to conduct a DoS attack
| against Client A (i.e., causing Client A's data to be completely lost)
| if the NFSv4 ACL on /mnt/file gives Client B APPEND_DATA access but
| not WRITE_DATA access?

  Ummn, I wonder if, with only APPEND_DATA, a client would be able to 
delete/over-write file data. It needs to be verified.
 
| Our understanding is that you mean the "extra" bytes printed by the
| cat command, i.e.,
| 
|    0 \357 \277 \275 D 0 \357 \277 \275
| 
| are the leaked kernel memory bytes.

  Yes, that's correct.

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

