Note: This is an archival copy of Security Sun Alert 240546 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019524.1.
Solaris 10 Operating System
Date of Resolved Release
Denial of Service Vulnerability in NFSv4 Client Kernel Module:
A security vulnerability in the NFSv4 client kernel module may allow a local unprivileged user who cooperates with a remote privileged user on an NFSv4 server to be able to cause all NFSv4 mounts on client systems which have an NFSv4 mount of the above NFSv4 server to become unresponsive. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
Note 2: To determine what version of NFS an NFS mount is using the nfsstat(1M) command can be used:
$ nfsstat -m /mnt/pointThe number after the "vers=" string indicates the version of NFS in use for the mounted file system.
Note 3: This issue only affects NFS environments where NFSv4 is in use as well as automountd(1M). Solaris 10 and later NFS clients and servers default to NFSv4. This is configurable by editing the /etc/default/nfs file (see nfs(4)).
To determine if the autofs mount/unmount daemon is enabled, the following command can be run:
$ svcs svc:/system/filesystem/autofs:defaultNote 4: OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived.
To determine the base build of OpenSolaris, the following command can be used:
$ uname -v3. Symptoms
If the described issue is exploited, all NFSv4 mounts on systems which have an NFSv4 mount on an NFSv4 server which has been compromised will become unresponsive. Depending on the file system configuration, this may lead to a system hang.
To work around the described issue, NFS client systems can be configured not to use NFSv4 by setting "NFS_CLIENT_VERSMAX=3" in "/etc/default/nfs". Please refer to nfs(4) documentation.
This issue is resolved in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment