2010-12-02 00:53:16 |
Thomas Bushnell, BSG |
bug |
|
|
added bug |
2010-12-02 00:53:50 |
Thomas Bushnell, BSG |
bug |
|
|
added subscriber Goobuntu Team |
2010-12-02 00:57:23 |
scm |
tags |
|
glucid |
|
2010-12-02 00:57:28 |
scm |
bug |
|
|
added subscriber scm |
2010-12-02 03:26:12 |
scm |
bug |
|
|
added subscriber Etienne Goyer |
2010-12-02 15:34:52 |
Jamie Strandboge |
security vulnerability |
yes |
no |
|
2010-12-02 15:34:54 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
2010-12-02 15:51:57 |
Etienne Goyer |
bug |
|
|
added subscriber Canonical Kernel Team |
2010-12-02 19:42:34 |
Thomas Bushnell, BSG |
attachment added |
|
dmesg from a failing machine; the process that died is an instance of "top" https://bugs.launchpad.net/ubuntu/+bug/683938/+attachment/1753362/+files/msg |
|
2010-12-02 19:43:09 |
Thomas Bushnell, BSG |
attachment added |
|
ubuntu-bug linux output https://bugs.launchpad.net/ubuntu/+bug/683938/+attachment/1753364/+files/apport.linux-image-2.6.32-26-generic.zskWvp.apport |
|
2010-12-03 15:02:49 |
Stefan Bader |
affects |
ubuntu |
linux (Ubuntu) |
|
2010-12-03 15:02:49 |
Stefan Bader |
linux (Ubuntu): importance |
Undecided |
High |
|
2010-12-03 15:02:49 |
Stefan Bader |
linux (Ubuntu): status |
New |
Triaged |
|
2010-12-03 15:02:49 |
Stefan Bader |
linux (Ubuntu): assignee |
|
Stefan Bader (stefan-bader-canonical) |
|
2010-12-03 20:28:56 |
Stefan Bader |
bug watch added |
|
http://bugzilla.kernel.org/show_bug.cgi?id=24302 |
|
2010-12-03 20:28:56 |
Stefan Bader |
bug task added |
|
linux |
|
2010-12-07 16:09:39 |
Stefan Bader |
visibility |
private |
public |
|
2010-12-08 15:42:36 |
Jeremy Foshee |
tags |
glucid |
glucid kernel-series-unknown |
|
2010-12-09 10:23:32 |
Stefan Bader |
attachment added |
|
Patch to pass the right number of client commands https://bugs.launchpad.net/ubuntu/+source/linux/+bug/683938/+attachment/1760614/+files/0001-NFS-Fix-panic-after-nfs_umount.patch |
|
2010-12-09 10:24:19 |
Stefan Bader |
nominated for series |
|
Ubuntu Lucid |
|
2010-12-09 10:24:19 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Lucid) |
|
2010-12-09 10:24:19 |
Stefan Bader |
nominated for series |
|
Ubuntu Maverick |
|
2010-12-09 10:24:19 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Maverick) |
|
2010-12-09 10:25:00 |
Stefan Bader |
linux (Ubuntu Lucid): importance |
Undecided |
High |
|
2010-12-09 10:25:00 |
Stefan Bader |
linux (Ubuntu Lucid): status |
New |
In Progress |
|
2010-12-09 10:25:00 |
Stefan Bader |
linux (Ubuntu Lucid): assignee |
|
Stefan Bader (stefan-bader-canonical) |
|
2010-12-09 10:25:28 |
Stefan Bader |
linux (Ubuntu Maverick): importance |
Undecided |
High |
|
2010-12-09 10:25:28 |
Stefan Bader |
linux (Ubuntu Maverick): status |
New |
Triaged |
|
2010-12-09 10:25:28 |
Stefan Bader |
linux (Ubuntu Maverick): assignee |
|
Stefan Bader (stefan-bader-canonical) |
|
2010-12-09 10:27:36 |
Stefan Bader |
tags |
glucid kernel-series-unknown |
lucid maverick natty patch |
|
2010-12-09 10:38:15 |
Stefan Bader |
description |
Create an automount indirect map entry to a nfs server that will deny the mount with a permission denied error.
Create a symlink on some mounted NFS partition pointing at the name of that automount indirect map entry.
Chase the symlink with ls, etc.
Notice that the automounter tries and fails to mount the partition. (visible with automount -d -f, say)
In a few minutes, depending on system activity, the kernel will crash with the symptoms of a memory corruption error. |
SRU justification:
Impact: When trying to mount an export where server and client have no common authentication method, the client will abort the mount by sending an advisory unmount message to the server. A bug in the RPC client setup causes the sunrpc code to access memory outside an allocated array, which will sooner or later cause the kernel to crash.
Fix: Patch from upstream (about to be submitted and targeted for stable too) changes the setup to use the actual array size instead of a manually entered number.
Testcase:
Server exports a mount with an authentication method the client does not support, eg.:
[/etc/exports] /srv/foo *(rw,sec=krb5)
Client tries to mount this directory with no special authentication method:
while true; do mount <server>:/srv/foo /mnt; sync; sleep 1; done
---
Create an automount indirect map entry to a nfs server that will deny the mount with a permission denied error.
Create a symlink on some mounted NFS partition pointing at the name of that automount indirect map entry.
Chase the symlink with ls, etc.
Notice that the automounter tries and fails to mount the partition. (visible with automount -d -f, say)
In a few minutes, depending on system activity, the kernel will crash with the symptoms of a memory corruption error.
|
|
2010-12-09 17:31:14 |
Brian Murray |
bug |
|
|
added subscriber Jeremy Foshee |
2010-12-09 20:48:11 |
Tim Gardner |
linux (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2010-12-09 20:48:28 |
Tim Gardner |
linux (Ubuntu Maverick): status |
Triaged |
Fix Committed |
|
2010-12-09 20:48:50 |
Tim Gardner |
nominated for series |
|
Ubuntu Natty |
|
2010-12-09 20:48:50 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Natty) |
|
2010-12-09 20:49:12 |
Tim Gardner |
linux (Ubuntu Natty): status |
Triaged |
Fix Committed |
|
2010-12-09 20:52:58 |
Tim Gardner |
bug |
|
|
added subscriber Tim Gardner |
2010-12-10 08:59:55 |
Stefan Bader |
tags |
lucid maverick natty patch |
kernel-server lucid maverick natty patch |
|
2010-12-10 10:00:28 |
Launchpad Janitor |
linux (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2011-01-12 23:00:35 |
Martin Pitt |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2011-01-12 23:00:42 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2011-01-12 23:00:48 |
Martin Pitt |
tags |
kernel-server lucid maverick natty patch |
kernel-server lucid maverick natty patch verification-needed |
|
2011-01-17 22:34:17 |
Brad Figg |
tags |
kernel-server lucid maverick natty patch verification-needed |
kernel-server lucid maverick natty patch verification-done |
|
2011-01-18 08:18:37 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-ec2 |
|
2011-01-24 09:24:54 |
Bug Watch Updater |
linux: status |
Unknown |
Confirmed |
|
2011-01-25 09:27:38 |
Bug Watch Updater |
linux: status |
Confirmed |
Fix Released |
|
2011-01-26 09:27:28 |
Launchpad Janitor |
linux (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-01-26 09:27:28 |
Launchpad Janitor |
cve linked |
|
2010-0435 |
|
2011-01-26 09:27:28 |
Launchpad Janitor |
cve linked |
|
2010-4165 |
|
2011-01-26 09:27:28 |
Launchpad Janitor |
cve linked |
|
2010-4169 |
|
2011-01-26 09:27:28 |
Launchpad Janitor |
cve linked |
|
2010-4249 |
|
2011-01-27 07:49:25 |
Launchpad Janitor |
linux (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2011-02-03 14:56:51 |
Bug Watch Updater |
linux: importance |
Unknown |
Medium |
|
2011-02-04 15:29:31 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-mvl-dove |
|
2011-02-04 15:29:48 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/maverick-proposed/linux-mvl-dove |
|
2015-02-12 07:04:09 |
Mathew Hodson |
cve unlinked |
2010-4249 |
|
|