Linux Kernel Ext3 Invalid Inode Number Denial of Service

Posted by grouch on Aug 8, 2006 5:30 PM EDT
Mail this story
Print this story

The vulnerability is caused due to an error in ext3 when handling an invalid inode number. This can be exploited by sending a specially crafted NFS request with a V2 procedure (e.g. V2_LOOKUP) that specifies an invalid inode number.

SOLUTION: Grant only trusted users access to affected systems.

Full Story

» Read more about: Story Type: Security; Groups: Kernel, Linux

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.