CNVD-2018-05765

Vulnerability from cnvd - Published: 2018-03-20
VLAI
Title
Linux kernel NFS server(nfsd)文件读取漏洞
Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。NFS server(nfsd)是其中的一个网络文件系统服务器。 Linux kernel commit 1995266727fa之前版本中的NFS server(nfsd)存在安全漏洞。远程攻击者可借助NFS利用该漏洞读取或写入文件。
Severity
Patch Name
Linux kernel NFS server(nfsd)文件读取漏洞的补丁
Patch Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。NFS server(nfsd)是其中的一个网络文件系统服务器。 Linux kernel commit 1995266727fa之前版本中的NFS server(nfsd)存在安全漏洞。远程攻击者可借助NFS利用该漏洞读取或写入文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1995266727fa8143897e89b55f5d3c79aa828420

Reference
https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420
Impacted products
Name
Linux Kernel <commit 1995266727fa
Show details on source website

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1000028"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002NFS server\uff08nfsd\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5668\u3002\r\n\r\nLinux kernel commit 1995266727fa\u4e4b\u524d\u7248\u672c\u4e2d\u7684NFS server\uff08nfsd\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9NFS\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1995266727fa8143897e89b55f5d3c79aa828420",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05765",
  "openTime": "2018-03-20",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002NFS server\uff08nfsd\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5668\u3002\r\n\r\nLinux kernel commit 1995266727fa\u4e4b\u524d\u7248\u672c\u4e2d\u7684NFS server\uff08nfsd\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9NFS\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel NFS server\uff08nfsd\uff09\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel \u003ccommit 1995266727fa"
  },
  "referenceLink": "https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-26",
  "title": "Linux kernel NFS server\uff08nfsd\uff09\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…