Your submission was sent successfully! Close

CVE-2008-3915

Published: 11 September 2008

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

From the Ubuntu security team

Johann Dahm and David Richter discovered that NFSv4 did not correctly handle certain file ACLs. If NFSv4 is in use, a local attacker could create a malicious ACL that could cause a system crash, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy
Released (2.6.24-21.43)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty Does not exist

gutsy Does not exist

hardy Does not exist

upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Ignored
(end-of-life)
gutsy Does not exist

hardy Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy
Released (2.6.22-15.59)
hardy Does not exist

upstream Needs triage