In association with heise online

11 August 2006, 10:31

DoS vulnerability in the Linux kernel

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability has been discovered in the Linux kernel, which enables an attacker to carry out a denial of service attack on server systems. This problem can occur if the affected Linux kernel versions use the EXT3 file system and share directories using the NFS protocol.

A manipulated UDP packet containing an NFS-v2 query with an invalid file handle can trigger a file system panic. This results in the exported directory being remounted as read-only. The error occurs as a result of the incorrect handling of invalid inode numbers in the EXT3 kernel code.

An error report on the Linux kernel mailing list includes a link to a proof of concept exploit. Administrators who work with EXT3 file systems and export directories using NFS should restrict access to exported directories to trusted computers or switch to a kernel version which is not affected by this vulnerability. According to security website SecurityFocus, the vulnerability affects all kernel versions from 2.6 to

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit