-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-07:01.nfs Errata Notice
The FreeBSD Project
Topic: NFS server reliability issues
Category: core
Module: sys_nfsserver
Announced: 2007-02-14
Credits: Kostik Belousov,
Pawel Jakub Dawidek,
Padma Bhooma,
Hiroki Sato
Affects: All FreeBSD 6.x releases prior to 6.2-RELEASE
Corrected: 2007-01-07 13:20:24 UTC (RELENG_6, 6.2-STABLE)
2007-02-14 22:30:33 UTC (RELENG_6_1, 6.1-RELEASE-p14)
2007-02-14 22:29:57 UTC (RELENG_6_0, 6.0-RELEASE-p18)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
The Network File System (NFS) allows a host to export some or all of
its file systems so that other hosts can access them over the network
and mount them as if they were on local disks. NFS is built on top of
the Sun Remote Procedure Call (RPC) framework. FreeBSD includes
server and client implementations of NFS.
II. Problem Description
The NFS server subsystem had the following three problems:
- Inconsistent locking that leads to performance degradation and can
cause a system panic during certain operations to manipulate symbolic
links.
- A memory leak in pathname lookup operation.
- A bug that prevents a symbolic link with a particular pathname from
being created.
III. Impact
Under some circumstances, the NFS server subsystem can cause a system
panic due to bugs in the FreeBSD kernel. This can be serious and could
lead to a denial of service especially in an NFS server configuration
where the server shares home directories amongst many clients.
This is because several particular operations from a client can trigger
the panic without special privilege on either the server and the client.
IV. Solution
Perform one of the following:
1) Upgrade your affected system to 6-STABLE, or to the RELENG_6_1 or
RELENG_6_0 errata branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.0 and
6.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 6.0]
# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch
# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch.asc
[FreeBSD 6.1]
# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch
# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
V. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6_1
src/UPDATING 1.416.2.22.2.16
src/sys/conf/newvers.sh 1.69.2.11.2.16
src/sys/nfsserver/nfs_serv.c 1.156.2.2.2.1
src/sys/nfsserver/nfs_srvsubs.c 1.136.2.2.2.1
src/sys/nfsserver/nfsm_subs.h 1.37.6.1
RELENG_6_0
src/UPDATING 1.416.2.3.2.23
src/sys/conf/newvers.sh 1.69.2.8.2.19
src/sys/nfsserver/nfs_serv.c 1.156.4.1
src/sys/nfsserver/nfs_srvsubs.c 1.136.4.1
src/sys/nfsserver/nfsm_subs.h 1.37.4.1
- -------------------------------------------------------------------------
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-07:01.nfs.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFF047GFdaIBMps37IRAlDuAJ9sjXfjvIl+F9/sqZSXksUeagRIAwCePXsA
cb9f5GWVCblMm/Y90CUjYTE=
=g+wq
-----END PGP SIGNATURE-----