CERT-In Vulnerability Note CIVN-2008-138
Vulnerability in the Solaris NFSv4 Client Kernel Module
Original Issue Date:
August 26, 2008
Severity Rating:
Low
System Affected
Overview
A vulnerability has been reported in the Sun Solaris NFSv4 client kernel module that may allow a local malicious user to cause a Denial of Service.
Description
The Network File System (NFS) is a module for network file sharing. NFSv4 integrates file access, file locking, and mount protocols into a single, unified protocol to ease traversal through a firewall and to improve security. A vulnerability has been reported in Sun Solaris 10, caused by an unspecified error in the NFSv4 client kernel module; it is found on systems where NFSv4 and automountd(1M) are in use. Malicious, local unprivileged users can exploit it to cause all local NFSv4 mounts to become unresponsive, resulting in a Denial of Service (DoS).
Solutions
Apply appropriate patches as suggested by the vendor
- SPARC Platform
- x86 Platform
Vendor Information
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240546-1
References
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240546-1
Secunia
http://secunia.com/advisories/31517/
FrSIRT
http://www.frsirt.com/english/advisories/2008/2415
AusCERT
http://www.auscert.org.au/render.html?cid=33&it=9737
SecurityFocus
http://www.securityfocus.com/bid/30753
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
