Helith - 0815
--------------------------------------------------------------------------------

Author            : Rembrandt
Date              : 2008-08-08
Affected Software : OpenBSD Kernel
Affected OS       : OpenBSD prior to 4.4
Type              : Remotely triggerable DoS, local tty DoS
OSVDB             :
CVE               :
ISS X-Force       :
BID               :

OpenBSD, when configured as an NFS client, is prone to a remotely triggerable
denial of service condition which can lead to local data corruption.

If a remote attacker can disrupt the communication between the NFS server and
an OpenBSD NFS client, a DoS can be triggered when a mounted NFS share is
unmounted. The shell used to execute the umount command will become
unavailable. A kernel panic can be triggered if, for example, the remote user
shuts down the client while the communication to the NFS server is still
interrupted.

Steps to reproduce:

First, interrupt the connection to the NFS server, for example by unplugging
the network cable.

    $ umount /mnt/nfs

If you would like to provoke a kernel panic, just shut down.

The risk of this attack should be very low, and Thordur Bjornsson, OpenBSD
developer, provided patches for OpenBSD 4.4 and later.

Kind regards,
Rembrandt