
exploitDog


CVE-2017-7645

Published: 14 Apr 2017
Source: redhat
CVSS3: 7.5
CVSS2: 7.1
EPSS: Medium

Description

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.

Report

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.

Affected packages

Platform | Package | State | Advisory | Release
Red Hat Enterprise Linux 5 | kernel | Affected | |
Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2018:1319 | 08.05.2018
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:1616 | 28.06.2017
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:1615 | 28.06.2017
Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:1647 | 28.06.2017


Additional information

Status: Important
Defect: CWE-130
https://bugzilla.redhat.com/show_bug.cgi?id=1443615 kernel: nfsd: Incorrect handling of long RPC replies

EPSS: 0.16011 (Medium), percentile: 94%

CVSS3: 7.5 High

CVSS2: 7.1 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 8 years ago

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

CVSS3: 7.5
nvd
about 8 years ago

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

CVSS3: 7.5
debian
about 8 years ago

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel throu ...

CVSS3: 7.5
github
about 3 years ago

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

oracle-oval
almost 8 years ago

ELSA-2017-3591: Unbreakable Enterprise kernel security update (IMPORTANT)
