FreeBSD NFS zero-length RPC message denial of service

bsd-nfs-rpc-dos (9772) The risk level is classified as MediumMedium Risk

Description:

FreeBSD and possibly other BSD-based operating systems are vulnerable to a denial of service attack, caused by a vulnerability in the Network File System (NFS). If a remote attacker sends an RPC message with a zero-length payload, the attacker could cause NFS to reference the payload from a previous RPC message and enter into an infinite loop. This would cause the system to eventually become unresponsive. The system must be restarted to regain normal functionality.


Consequences:

Denial of Service

Remedy:

For FreeBSD:
Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-02:36.nfs. See References.

For NetBSD:
Refer to NetBSD Security Advisory 2002-013 for upgrade and workaround information. See References.

For Mac OS X:
Upgrade to the latest version (10.3 or later), available from the Apple Security Update 61798. See References.

References:

  • AppleCare Knowledge Base Document 61798: Security Update 2003-08-14.
  • FreeBSD Security Advisory FreeBSD-SA-02:36.nfs : Bug in NFS server code allows remote denial of service.
  • NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service. (From Full-Disclosure Mailing List archive)
  • BID-5402: Multiple Vendor BSD NFS Zero-Length RPC Message Denial Of Service Vulnerability
  • CVE-2002-0830: Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.
  • OSVDB ID: 5072: Multiple BSD NFS Zero Length Payload RPC Message DoS

Platforms Affected:

  • FreeBSD FreeBSD 4.0
  • FreeBSD FreeBSD 4.1
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 4.3
  • FreeBSD FreeBSD 4.4
  • FreeBSD FreeBSD 4.5
  • FreeBSD FreeBSD 4.6
  • FreeBSD FreeBSD 4.6.1
  • NetBSD NetBSD 1.4
  • NetBSD NetBSD 1.4.1
  • NetBSD NetBSD 1.4.2
  • NetBSD NetBSD 1.4.3
  • NetBSD NetBSD 1.5
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • NetBSD NetBSD 1.5.3
  • NetBSD NetBSD 1.6 beta
  • NetBSD NetBSD CURRENT

Reported:

Aug 05, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page