In association with heise online

20 February 2007, 10:34

Linux developers fix NFS bug

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Because of a security bug in the Network File System (NFS) code, Greg Kroah-Hartman has released a new version of the Linux kernel. Versions 2.6.18.7, 2.6.19.4 (wrongly given as 2.6.18.4 in the announcement) and 2.6.20.1 differ from their predecessor versions in respect of this bug fix only. The bug could have led to incorrect memory deallocation ("free wrong pointer"), which would at best cause a crash. In the worst case, this kind of bug can lead to remote code execution in the context of the kernel. No information is given about how realistic this scenario is and whether the attacker would need to be able to mount an NFS export.

It is to be assumed that distributors will also quickly integrate the patch into their kernel.

See also:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-732329
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit