Info

Disclosure

Aug 05, 2002

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Network File System (NFS) on FreeBSD, NetBSD and OpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a RPC message containing a zero-length payload to a NFS server. This causes the NFS server to reference a previous payload and enter into an infinite loop, resulting in a loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability

Solution

Upgrade to FreeBSD version 4.6.1-RELEASE-p7 or higher, as it has been reported to fix this vulnerability. Also, FreeBSD has released patches for some older versions. Upgrade to NetBSD version 1.6 after the correction date or higher, as it has been reported to fix this vulnerability. Upgrade to OpenBSD version 3.2 or higher, as it has been reported to fix this vulnerability.

Products

NetBSD Foundation, Inc.	NetBSD	1.4
		1.4.x
		1.5
		1.5.1
		1.5.2
		1.5.3
		1.6 beta

The FreeBSD Project	FreeBSD	4.0
		4.1
		4.2x
		4.3x
		4.4x
		4.5x
		4.6x

OpenBSD

3.1

References

CVE ID: 2002-0830 (see also: NVD)
Bugtraq ID: 5402
ISS X-Force ID: 9772
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc http://docs.info.apple.com/article.html?artnum=61798
http://www.openbsd.org/plus32.html
Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch.asc

Credit

Mike Junk - junkisilon.com -

Direct URL: http://osvdb.org/5072

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

NetBSD Foundation, Inc.

NetBSD

The FreeBSD Project

FreeBSD

OpenBSD

OpenBSD

References

Credit