Описание
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Отчет
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 7.2 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 5.9 Long Life | kernel | Fixed | RHSA-2017:2472 | 15.08.2017 |
| Red Hat Enterprise Linux 5 Extended Lifecycle Support | kernel | Fixed | RHSA-2017:2412 | 02.08.2017 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2017:1723 | 11.07.2017 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2017:2732 | 14.09.2017 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2017:1715 | 11.07.2017 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2017:2428 | 08.08.2017 |
| Red Hat Enterprise Linux 6.5 Telco Extended Update Support | kernel | Fixed | RHSA-2017:2428 | 08.08.2017 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | kernel | Fixed | RHSA-2017:1798 | 24.07.2017 |
| Red Hat Enterprise Linux 6.6 Telco Extended Update Support | kernel | Fixed | RHSA-2017:1798 | 24.07.2017 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
The NFSv2 and NFSv3 server implementations in the Linux kernel through ...
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
ELSA-2017-3565: Unbreakable Enterprise kernel security update (IMPORTANT)
6.5 Medium
CVSS3