oss-sec mailing list archives
CVE Request for ZFS on Linux
From: Kash Pande <kash () tripleback net>
Date: Tue, 21 Apr 2015 21:58:17 -0400
MITRE: https://github.com/zfsonlinux/zfs/issues/3319 This was "discovered" yesterday. As outlined here, there is a security issue in the Debian packages for zfsonlinux which will export NFS shares to * when you only intend for 192.168.0.0/24. Some notes: -> Debian packages for zfsonlinux were using extra patches for NFS, iSCSI and other shares not present in upstream zfsonlinux -> These patches were included by the maintainer of the Debian packages against upstream's wishes NFS users who are exporting host-specific shares from CentOS/FreeBSD/illumos who switch to Debian will certainly be surprised to find their NFS shares are wide open. Can we have a CVE for tracking this, as it's a unique issue which has apparently been in the Debian packages for some time now. No other zfsonlinux distribution suffers these issues. -- Kash Pande Jentu Technologies, Inc. http://jentu-networks.com
Current thread:
- CVE Request for ZFS on Linux Kash Pande (Apr 21)
- Re: CVE Request for ZFS on Linux cve-assign (Apr 21)
- Re: CVE Request for ZFS on Linux Kash Pande (Apr 21)
- Re: CVE Request for ZFS on Linux cve-assign (Apr 22)
- Re: CVE Request for ZFS on Linux cve-assign (Apr 21)