SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Nfs Vendors:   NetBSD
(NetBSD Issues Fix) Network File System (NFS) Flaw in Processing Zero-Length RPC Messages Allows Remote Users to Crash the System
SecurityTracker Alert ID:  1005233
SecurityTracker URL:  http://securitytracker.com/id/1005233
CVE Reference:   CVE-2002-0830   (Links to External Site)
Updated:  Nov 18 2003
Original Entry Date:  Sep 17 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A denial of service vulnerability was reported in the Network File System (NFS) code. A remote user could cause the NFS server to crash.

It is reported that the NFS code that processes incoming remote procedure call (RPC) messages contains a flaw. A remote user can send an RPC message with a zero-length payload to cause the NFS server to reference the payload from the previous message, creating a loop in the message chain. The resulting infinite loop could cause the NFS process or the entire server to crash.

[Editor's note: This was reported by FreeBSD in August 2002.]

Impact:   A remote user can cause the NFS server to crash.
Solution:   NetBSD has released a fix. A full upgrade to NetBSD 1.6 is the recommended resolution for all users able to do so, according to NetBSD.

The following instructions describe how to upgrade your kernel by updating your source tree and rebuilding and installing a new version of kernel.

* NetBSD-current:

Systems running NetBSD-current dated from before 2002-08-03 should be upgraded to NetBSD-current dated 2002-08-03 or later.

The following directories need to be updated from the netbsd-current CVS branch (aka HEAD):
sys/nfs

To update from CVS:

# cd src
# cvs update -d -P sys/nfs

Configure, compile, install and boot a new kernel according to the instructions at:

http://www.netbsd.org/Documentation/kernel/#building_a_kernel


* NetBSD 1.6 beta:

Systems running NetBSD 1.6 BETAs and Release Candidates should be upgraded to the NetBSD 1.6 release.

If a source-based point upgrade is required, sources from the NetBSD 1.6 branch dated 2002-08-03 or later should be used.

The following directories need to be updated from the netbsd-1-6 CVS branch:

sys/nfs

To update from CVS:

# cd src
# cvs update -d -P -r netbsd-1-6 sys/nfs

Configure, compile, install and boot a new kernel according to the instructions at:

http://www.netbsd.org/Documentation/kernel/#building_a_kernel


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

Systems running NetBSD 1.5 sources dated from before 2002-09-05 should be upgraded from NetBSD 1.5 sources dated 2002-09-05 or later.

The following directories need to be updated from the netbsd-1-5 CVS branch:

sys/nfs

To update from CVS:

# cd src
# cvs update -d -P -r netbsd-1-5 sys/nfs

Configure, compile, install and boot a new kernel according to the instructions at:

http://www.netbsd.org/Documentation/kernel/#building_a_kernel

A fix for NetBSD 1.4, 1.4.1, 1.4.2, and 1.4.3 has not been released yet.

Vendor URL:  www.NetBSD.ORG/Security/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  UNIX (NetBSD)
Underlying OS Comments:  1.6 beta, 1.5, 1.4

Message History:   This archive entry is a follow-up to the message listed below.
Sep 17 2002 Network File System (NFS) Flaw in Processing Zero-Length RPC Messages Allows Remote Users to Crash the System



 Source Message Contents

Subject:  NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service



-----BEGIN PGP SIGNED MESSAGE-----


		 NetBSD Security Advisory 2002-013
		 =================================

Topic:		Bug in NFS server code allows remote denial of service

Version:	NetBSD-current:	source prior to Aug 3, 2002
		NetBSD 1.6 beta: source prior to Aug 3, 2002
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected
		NetBSD-1.4.*:	affected

Severity:	remote denial of service

Fixed:		NetBSD-current:		Aug 3, 2002
		NetBSD-1.6 branch:	Aug 3, 2002 (1.6 includes the fix)
		NetBSD-1.5 branch:	September 5, 2002
		NetBSD-1.4 branch:	not yet


Abstract
========

The Network File System (NFS) allows a host to export some or all of
its filesystems, or parts of them, so that other hosts can access them
over the network and mount them as if they were on local disks.  NFS is
built on top of the Sun Remote Procedure Call (RPC) framework.

An attacker in a position to send RPC messages to an affected NetBSD
system can construct a sequence of malicious RPC messages that cause
the target system to lock up.


Technical Details
=================

A part of the NFS server code charged with handling incoming RPC
messages had an error which, when the server received a message with a
zero-length payload, would cause it to reference the payload from the
previous message, creating a loop in the message chain.  This would
later cause an infinite loop in a different part of the NFS server
code which tried to traverse the chain.

Certain Linux implementations of NFS produce zero-length RPC messages
in some cases.  A NetBSD system running an NFS server may lock up
when such clients connect.


Solutions and Workarounds
=========================

If possible, disable the NFS server on your machine.  It is
still preferable to apply the following fixes to prevent using
vulnerable NFS code in the future.

The recent NetBSD 1.6 release is not vulnerable to this issue. A full
upgrade to NetBSD 1.6 is the recommended resolution for all users able
to do so. Many security-related improvements have been made, and
indeed this release has been delayed several times in order to include
fixes for a number of recent issues.

The following instructions describe how to upgrade your kernel
by updating your source tree and rebuilding and
installing a new version of kernel.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2002-08-03
	should be upgraded to NetBSD-current dated 2002-08-03 or later.

	The following directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		sys/nfs

	To update from CVS:

		# cd src
		# cvs update -d -P sys/nfs

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.6 beta:

	Systems running NetBSD 1.6 BETAs and Release Candidates should
	be upgraded to the NetBSD 1.6 release.

	If a source-based point upgrade is required, sources from the
	NetBSD 1.6 branch dated 2002-08-03 or later should be used.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		sys/nfs

	To update from CVS:
		# cd src
		# cvs update -d -P -r netbsd-1-6 sys/nfs

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

	Systems running NetBSD 1.5 sources dated from before
	2002-09-05 should be upgraded from NetBSD 1.5 sources dated
	2002-09-05 or later.

	The following directories need to be updated from the
	netbsd-1-5 CVS branch:
		sys/nfs

	To update from CVS:
		# cd src
		# cvs update -d -P -r netbsd-1-5 sys/nfs

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3:

	The advisory will be updated with instructions to fix the problem
	for 1.5-based systems.


Thanks To
=========

FreeBSD security officers.  The advisory text is based on their advisory.

The NetBSD Release Engineering teams, for great patience and
assistance in dealing with repeated security issues discovered
recently.


Revision History
================

	2002-09-16	Initial release


More Information
================

An up-to-date PGP signed copy of this release will be maintained at
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2002-013.txt,v 1.7 2002/09/16 05:17:55 dan Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPYVqUD5Ru2/4N2IFAQF7VwP9HAw6DGiJI3TmxGeVR/7fNquzCXI6QtSJ
evofRBhcsSSNGuTYn9R8KVHdn+f7n8fdc2b3huQ6UCLr3epAgRg6eeCDX8O60fpG
DvKUABOJXx1LoUEkGsNGdTizxg3uoD/2GLCvDLhZZiZ4k9srZRRzFT3neyWWdFln
EFbs33wT+40=
=78tO
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC