CVE-2008-3915
Published: 11 September 2008
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.
From the Ubuntu Security Team
Johann Dahm and David Richter discovered that NFSv4 did not correctly handle certain file ACLs. If NFSv4 is in use, a local attacker could create a malicious ACL that could cause a system crash, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(2.6.24-21.43)
|
|
upstream |
Needs triage
|
|
Patches:
other: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f |
||
linux-source-2.6.15
Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-source-2.6.20
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-source-2.6.22
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Released
(2.6.22-15.59)
|
|
hardy |
Does not exist
|
|
upstream |
Needs triage
|