Reference: CERT-EU Security Advisory 2012-0021

Title: Linux Kernel NFS Implementation. Local Denial of Service Vulnerability [1]

Version history:
24.02.2012 Initial publication

Summary
=======
The NFS implementation in the Linux kernel is prone to a local denial-of-service vulnerability due to a null-pointer dereference error.

CVE-2011-4325

Severity Level: CVSS2 Base 4.9 (MEDIUM) (AV:L/AC:L/Au:N/C:N/I:N/A:C) [2]

Potential impact
================
Attackers can exploit this vulnerability to crash the kernel, causing a denial of service to legitimate users.

Vulnerable Systems
==================
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
OpenVZ Project OpenVZ 028stab095.1
Linux Kernel - Various versions [3]

What can you do?
================
Updates are available. [1]

What to tell your users?
========================
Standard security best practices apply:

Do not accept or execute files from untrusted or unknown sources. To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources. To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

More information
================
[1] https://bugzilla.redhat.com/show_bug.cgi?id=755455
[2] More information about CVSS is available at: http://www.first.org/cvss/cvss-guide.html
[3] http://www.securityfocus.com/bid/51366/solution

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in a best-effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)