certfr_avis - certfr-2017-avi-245

CERTFR-2017-AVI-245

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans le noyau Linux de RedHat. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Life Cycle Support (pour IBM z Systems) 5 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 i386
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 x86_64

References

Title

Publication Time

CVE-2017-7895 (GCVE-0-2017-7895)

Vulnerability from cvelistv5

Published

2017-04-28 10:00

Modified

2024-08-05 16:19

Severity ?

CWE

Summary

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2732	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2412	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1798	vendor-advisory, x_refsource_REDHAT
	https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1723	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1615	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1647	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1766	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1616	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2429	vendor-advisory, x_refsource_REDHAT
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3886	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2428	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/98085	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:2472	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1715	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2732",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2732"
          },
          {
            "name": "RHSA-2017:2412",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2412"
          },
          {
            "name": "RHSA-2017:1798",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1798"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
          },
          {
            "name": "RHSA-2017:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1723"
          },
          {
            "name": "RHSA-2017:1615",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1615"
          },
          {
            "name": "RHSA-2017:1647",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1647"
          },
          {
            "name": "RHSA-2017:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1766"
          },
          {
            "name": "RHSA-2017:1616",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1616"
          },
          {
            "name": "RHSA-2017:2429",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
          },
          {
            "name": "DSA-3886",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3886"
          },
          {
            "name": "RHSA-2017:2428",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2428"
          },
          {
            "name": "98085",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98085"
          },
          {
            "name": "RHSA-2017:2472",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2472"
          },
          {
            "name": "RHSA-2017:1715",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:2732",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2732"
        },
        {
          "name": "RHSA-2017:2412",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2412"
        },
        {
          "name": "RHSA-2017:1798",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1798"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
        },
        {
          "name": "RHSA-2017:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1723"
        },
        {
          "name": "RHSA-2017:1615",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1615"
        },
        {
          "name": "RHSA-2017:1647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1647"
        },
        {
          "name": "RHSA-2017:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1766"
        },
        {
          "name": "RHSA-2017:1616",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1616"
        },
        {
          "name": "RHSA-2017:2429",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
        },
        {
          "name": "DSA-3886",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3886"
        },
        {
          "name": "RHSA-2017:2428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2428"
        },
        {
          "name": "98085",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98085"
        },
        {
          "name": "RHSA-2017:2472",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2472"
        },
        {
          "name": "RHSA-2017:1715",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7895",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2732",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2732"
            },
            {
              "name": "RHSA-2017:2412",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2412"
            },
            {
              "name": "RHSA-2017:1798",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1798"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
            },
            {
              "name": "RHSA-2017:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1723"
            },
            {
              "name": "RHSA-2017:1615",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1615"
            },
            {
              "name": "RHSA-2017:1647",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1647"
            },
            {
              "name": "RHSA-2017:1766",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1766"
            },
            {
              "name": "RHSA-2017:1616",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1616"
            },
            {
              "name": "RHSA-2017:2429",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2429"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309"
            },
            {
              "name": "DSA-3886",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3886"
            },
            {
              "name": "RHSA-2017:2428",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2428"
            },
            {
              "name": "98085",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98085"
            },
            {
              "name": "RHSA-2017:2472",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2472"
            },
            {
              "name": "RHSA-2017:1715",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7895",
    "datePublished": "2017-04-28T10:00:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted