CVE-2018-1000028

Опубликовано: 09 фев. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5.8

CVSS3: 7.4

Описание

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.

Релиз	Статус	Примечание
artful	not-affected
devel	not-affected
esm-infra-legacy/trusty	not-affected
esm-infra/xenial	not-affected	4.4.0-119.143
precise/esm	not-affected
trusty	not-affected
trusty/esm	not-affected
upstream	released	4.15
xenial	not-affected	4.4.0-119.143

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	not-affected	4.4.0-1016.16
esm-infra/xenial	not-affected	4.4.0-1054.63
precise/esm	DNE
trusty	not-affected	4.4.0-1016.16
trusty/esm	not-affected	4.4.0-1016.16
upstream	released	4.15
xenial	not-affected	4.4.0-1054.63

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	not-affected	4.15.0-1023.24~14.04.1
esm-infra/xenial	not-affected	4.15.0-1013.13~16.04.2
precise/esm	DNE
trusty	not-affected	4.15.0-1023.24~14.04.1
trusty/esm	not-affected	4.15.0-1023.24~14.04.1
upstream	released	4.15
xenial	not-affected	4.15.0-1013.13~16.04.2

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.15.0-1014.14~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.15.0-1014.14~16.04.1

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.15.0-24.26~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.15.0-24.26~16.04.1

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.15.0-24.26~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.15.0-24.26~16.04.1

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.4.0-1020.25
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.4.0-1020.25

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	ignored	end of life
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	ignored	end of life
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	ignored	end of life
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	not-affected
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [end of standard support]
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was ignored [end of life, was needs-triage]
precise/esm	DNE
trusty	ignored	end of standard support, was needs-triage
trusty/esm	ignored	end of life, was needs-triage
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [end of standard support]
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	not-affected	4.4.0-119.143~14.04.1
precise/esm	DNE
trusty	not-affected	4.4.0-119.143~14.04.1
trusty/esm	not-affected	4.4.0-119.143~14.04.1
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	not-affected
devel	not-affected
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.4.0-1086.94

Показывать по

Релиз	Статус	Примечание
artful	not-affected	4.4.0-1088.93
devel	not-affected
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	not-affected	4.4.0-1088.93

Показывать по

Релиз	Статус	Примечание
artful	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.15
xenial	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2018-1000028

EPSS

Процентиль: 58%

0.0037

Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

CVE-2018-1000028

CVSS3: 7.4

redhat

около 8 лет назад

CVE-2018-1000028

CVSS3: 7.4

nvd

почти 8 лет назад

CVE-2018-1000028

CVSS3: 7.4

debian

почти 8 лет назад

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4 ...

GHSA-p7mv-684h-c4rx

CVSS3: 7.4

github

больше 3 лет назад

EPSS

Процентиль: 58%

0.0037

Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3

CVE-2018-1000028

Описание

Пакет linux

Пакет linux-armadaxp

Пакет linux-aws

Пакет linux-azure

Пакет linux-euclid

Пакет linux-flo

Пакет linux-gcp

Пакет linux-gke

Пакет linux-goldfish

Пакет linux-grouper

Пакет linux-hwe

Пакет linux-hwe-edge

Пакет linux-kvm

Пакет linux-linaro-omap

Пакет linux-linaro-shared

Пакет linux-linaro-vexpress

Пакет linux-lts-quantal

Пакет linux-lts-raring

Пакет linux-lts-saucy

Пакет linux-lts-trusty

Пакет linux-lts-utopic

Пакет linux-lts-vivid

Пакет linux-lts-wily

Пакет linux-lts-xenial

Пакет linux-maguro

Пакет linux-mako

Пакет linux-manta

Пакет linux-oem

Пакет linux-qcm-msm

Пакет linux-raspi2

Пакет linux-snapdragon

Пакет linux-ti-omap4

Ссылки на источники

Связанные уязвимости