In association with heise online

« previous | next »
11 August 2006, 11:31

DoS vulnerability in the Linux kernel

A vulnerability has been discovered in the Linux kernel, which enables an attacker to carry out a denial of service attack on server systems. This problem can occur if the affected Linux kernel versions use the EXT3 file system and share directories using the NFS protocol.

A manipulated UDP packet containing an NFS-v2 query with an invalid file handle can trigger a file system panic. This results in the exported directory being remounted as read-only. The error occurs as a result of the incorrect handling of invalid inode numbers in the EXT3 kernel code.

An error report on the Linux kernel mailing list includes a link to a proof of concept exploit. Administrators who work with EXT3 file systems and export directories using NFS should restrict access to exported directories to trusted computers or switch to a kernel version which is not affected by this vulnerability. According to security website SecurityFocus, the vulnerability affects all kernel versions from 2.6 to 2.6.17.7.

See also:

(ehe)

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-731356

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit