Vigil@nce: Linux kernel, buffer overflow of NFSv4 ACLs

September 2008 by Vigil@nce

SYNTHESIS

A local attacker can create an overflow in the nfsd service in order to elevate his privileges.

Gravity: 2/4

Consequences: administrator access/rights

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 05/09/2008

Identifier: VIGILANCE-VUL-8093

IMPACTED PRODUCTS

- Linux kernel [confidential versions]

DESCRIPTION

The Linux kernel implements a NFS service.

POSIX ACLs of shared files are converted to NFS ACLs, represented as ACEs (Access Control Entries). The init_state() function of fs/nfsd/nfs4acl.c allocates memory areas that hold the ACEs of users and groups. However, the allocated size is short by 4*numberacl bytes (the size difference between the posix_user_ace_state and posix_ace_state structures).

A local attacker, allowed to change POSIX ACLs of files shared by NFS, can therefore define several ACLs, in order to generate an overflow. This overflow leads to code execution in the kernel.
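The following is an added illustration of the size mismatch the description refers to; it is not code from the advisory or from the Linux kernel. The two structure layouts are a model assumed for this example (a 32-bit uid placed in front of an allow/deny pair, which yields the 4-byte-per-entry difference the advisory states), and the helper names are hypothetical. It computes the shortfall for an array of n entries and shows a capacity-checked insert that refuses to write past the buffer, so the undersized allocation is detected instead of overrun.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the two structures named in the advisory (layout assumed for
 * this example): the "user" variant carries an extra 32-bit uid. */
struct posix_ace_state {
    uint32_t allow;
    uint32_t deny;
};

struct posix_user_ace_state {
    uint32_t uid;
    struct posix_ace_state perms;
};

/* Header followed by n entries (flexible array member). */
struct posix_ace_state_array {
    int n;
    struct posix_user_ace_state aces[];
};

/* Size computed with the wrong element type: this is the defect pattern the
 * advisory describes, each entry is short by sizeof(uint32_t). */
size_t undersized_alloc(int n) {
    return sizeof(struct posix_ace_state_array)
         + sizeof(struct posix_ace_state) * (size_t)n;
}

/* Size computed with the element type actually stored in the array. */
size_t correct_alloc(int n) {
    return sizeof(struct posix_ace_state_array)
         + sizeof(struct posix_user_ace_state) * (size_t)n;
}

/* Bytes missing from the undersized allocation: 4 * n with this layout. */
size_t shortfall(int n) {
    return correct_alloc(n) - undersized_alloc(n);
}

/* Buffer that remembers its own capacity so every insert can be checked. */
struct ace_buf {
    size_t cap;
    struct posix_ace_state_array *arr;
};

int ace_buf_init(struct ace_buf *b, int n, size_t (*sizer)(int)) {
    b->cap = sizer(n);
    b->arr = calloc(1, b->cap);
    if (b->arr == NULL)
        return -1;
    b->arr->n = 0;
    return 0;
}

/* Returns 0 on success, -1 if the entry would end past the allocation. */
int ace_buf_add(struct ace_buf *b, uint32_t uid, uint32_t allow, uint32_t deny) {
    size_t end = offsetof(struct posix_ace_state_array, aces)
               + (size_t)(b->arr->n + 1) * sizeof(struct posix_user_ace_state);
    if (end > b->cap)
        return -1;
    b->arr->aces[b->arr->n].uid = uid;
    b->arr->aces[b->arr->n].perms.allow = allow;
    b->arr->aces[b->arr->n].perms.deny = deny;
    b->arr->n++;
    return 0;
}

/* How many of n constructed entries fit when the buffer is sized by sizer(). */
int count_inserts(int n, size_t (*sizer)(int)) {
    struct ace_buf b;
    int ok = 0;
    if (ace_buf_init(&b, n, sizer) != 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (ace_buf_add(&b, 1000u + (uint32_t)i, 0x7u, 0x0u) == 0)
            ok++;
    free(b.arr);
    return ok;
}

int main(void) {
    int n = 4;
    printf("entries: %d, shortfall: %zu bytes\n", n, shortfall(n));
    printf("fit with undersized allocation: %d of %d\n", count_inserts(n, undersized_alloc), n);
    printf("fit with correct allocation:    %d of %d\n", count_inserts(n, correct_alloc), n);
    return 0;
}
```

With four entries the undersized buffer holds only two complete posix_user_ace_state records before the third would cross its end; in kernel code there is no such capacity check, which is why the write lands on adjacent heap memory instead of being refused.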

CHARACTERISTICS

Identifiers: CVE-2008-3915, VIGILANCE-VUL-8093

https://vigilance.aql.fr/tree/1/8093
