CVE-2010-2521
The MITRE CVE dictionary describes this issue as:
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.
Find out more about CVE-2010-2521 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of the Linux kernel as shipped with Red
Hat Enterprise Linux 3 as it did not include support for Network File System (NFS) version 4. Future updates in Red Hat Enterprise 4, 5, and Red Hat Enterprise MRG may address this flaw.
CVSS v2 metrics
| Base Score | 8.3 |
|---|---|
| Base Metrics | AV:A/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Adjacent Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) | RHSA-2010:0893 | 2010-11-16 |
| Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) | RHSA-2010:0907 | 2010-11-23 |
| Red Hat Enterprise Linux 4 (kernel) | RHSA-2010:0606 | 2010-08-05 |
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2010:0610 | 2010-08-10 |
| MRG Grid for RHEL 5 Server (kernel-rt) | RHSA-2010:0631 | 2010-08-17 |
CVE description copyright © 2017, The MITRE Corporation