- 02/11/2020 08:10:50 PM (4 years ago)
v8 v9 1 1 = NFS Utilities = 2 2 3 There is a vulnerability in all Linux kernels at the time of this writing that allows remote attackers to mark the ext2 or ext3 filesystem exported via NFS as dirty and needing recovery. A working exploit is available from http://bugzilla.kernel.org/show_bug.cgi?id=6828. If the ext2 or ext3 filesystem is mounted with a non-default "errors=remount-ro" or "errors=panic" option, the attacker will be able to cause it to be remounted read-only on the server, or cause a filesystem panic, respectively. Without those options, the journal is turned off. 3 == DESTDIR == 4 4 5 Any of the following methods is sufficient to resolve the problem: 5 Because of chown during the install, DESTDIR only works if run as root. 6 6 7 * Don't export ext2 and ext3 filesystems via NFS (even read-only) if there is a possibility that the exploit will be used against your server. Use any other filesystem instead of ext2 or ext3. 8 * Don't use the kernel-space NFS server. A userspace NFSv3 server is available from http://unfs3.sourceforge.net/ and can be installed instead of NFS Utilities. 9 * Upgrade the kernel to version 2.6.16.x with x >= 29, or 2.6.17.x with x >= 11 10 7 [wiki:MajorServers Up][[br]] 11 8 [wiki:BlfsNotes Top] 12 13 I'm not sure but I think the MD5-Checksum for nfs-utils-1.0.10 form the stable blfs is incorrect. I got 1949634d0dc896696d8a880bdca622c8 with the Source form kernel.org and with the soruce from http://surfnet.dl.sourceforge.net/sourceforge/nfs/ which I got from SourceForge. 14 15 = DESTDIR = 16 17 Because of chown during the install, DESTDIR only works if run as root.
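Review bot: The removal at old lines 3 to 9 drops the whole ext2/ext3-over-NFS advisory, including the only statement of which kernels carry the fix (2.6.16.x with x >= 29, or 2.6.17.x with x >= 11), and v9 puts nothing in its place. If the page is still read by people running older kernels, keep a one-line pointer to the fixed versions and the bugzilla entry instead of deleting it outright, or state in the change comment that the advisory is obsolete. The same edit also deletes the reader's note at old line 13 reporting a different MD5 for nfs-utils-1.0.10, and nothing visible here shows that the book's checksum was rechecked; confirm that before dropping the report. Moving DESTDIR up to a "== DESTDIR ==" subsection above the navigation links reads fine.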