CVE-2009-3623

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.31.2

Description The issue is related to the lookup cb cred function in the nfsd4 subsystem, which attempts to access a credentials cache even when a client specifies the AUTH NULL authentication flavor. This allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via an NFSv4 mount request.

Recommendations For Linux kernel versions prior to 2.6.31.2, update to version 2.6.31.2 or later to resolve the issue.