CVE-2009-3726
CVE-2009-3726
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/10202unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlhttp://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=529227http://secunia.com/advisories/37909http://secunia.com/advisories/38794http://secunia.com/advisories/38834http://secunia.com/advisories/40218https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636