Fri Aug 8 18:24:29 CEST 2008

OpenBSD Remote triggable DoS related to NFS

Author:Sebastian "Rembrandt" Rother
Affected Software:OpenBSD Kernel
Affected OS:OpenBSD prior 4.4
Type:Remote triggable Denial of Service

OpenBSD, when configured as NFS Client, is prone to a remote triggable
denial of service condition wich can lead to local data corruptions.
If a remote attacker can disrupt the communication between the NFS Server and
a OpenBSD NFS client a DoS can get trigered if a mounted NFS-share should get
unmounted. The shell used to execute the umount command will become unavaiable.

A kernel panic can get triggered if the remote user for example shutdowns the
client and the communication to the NFS Server is still interupted.

Steps to reproduce:

At first interupt the connection to the NFS Server by for example unplugging the networkcable.

$ umount /mnt/nfs

If you like to provoke a kernel panic just shutdown.

The risk of this attack should be very low and Thordur Bjornsson, OpenBSD developer, provided patches for OpenBSD 4.4 and later.

Posted by Sebastian Rother | Permanent link | File under: openbsd, denial_of_service