CVE-2018-1000028 (GCVE-0-2018-1000028)

Vulnerability from cvelistv5 – Published: 2018-02-09 23:00 – Updated: 2024-08-05 12:33
VLAI
Summary
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.
CWE
  • n/a
Assigner
References
Date Public
2018-01-22 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:48.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-01-23T00:00:00.000Z",
      "datePublic": "2018-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the \"rootsquash\" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T22:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "1/23/2018 13:16:14",
          "ID": "CVE-2018-1000028",
          "REQUESTER": "ben.hutchings@codethink.co.uk",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the \"rootsquash\" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000028",
    "datePublished": "2018-02-09T23:00:00.000Z",
    "dateReserved": "2018-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:33:48.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-1000028",
      "date": "2026-07-16",
      "epss": "0.01411",
      "percentile": "0.69636"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.111\", \"versionEndIncluding\": \"4.4.119\", \"matchCriteriaId\": \"E778219C-50A1-46C3-B49B-1499375EE810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.9.76\", \"versionEndIncluding\": \"4.9.85\", \"matchCriteriaId\": \"EF7A494F-69FE-49CD-9DE6-82B8FAE48CC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14.8\", \"versionEndIncluding\": \"4.14.23\", \"matchCriteriaId\": \"CECBFCFD-4F6F-4AF7-96A4-E761A3A475D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.15.1\", \"versionEndIncluding\": \"4.15.7\", \"matchCriteriaId\": \"BF4309DD-084C-4B94-B5BF-288109BCBC21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBC4657A-0239-47DF-B582-87D8DFA69439\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the \\\"rootsquash\\\" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.\"}, {\"lang\": \"es\", \"value\": \"El kernel de Linux, en versiones posteriores al commit con ID bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+, contiene una vulnerabilidad de control de acceso incorrecto en el servidor NFS (nfsd) que puede resultar en que usuarios remotos lean o escriban archivos para los que no deber\\u00edan tener permisos mediante NFS. Este ataque parece ser explotable por un servidor NFS que debe exportar un sistema de archivos con las opciones \\\"rootsquash\\\" habilitadas. Parece ser que la vulnerabilidad se ha solucionado tras el commit con ID 1995266727fa.\"}]",
      "id": "CVE-2018-1000028",
      "lastModified": "2024-11-21T03:39:27.843",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-02-09T23:29:00.933",
      "references": "[{\"url\": \"https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1000028\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-02-09T23:29:00.933\",\"lastModified\":\"2024-11-21T03:39:27.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the \\\"rootsquash\\\" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.\"},{\"lang\":\"es\",\"value\":\"El kernel de Linux, en versiones posteriores al commit con ID bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+, contiene una vulnerabilidad de control de acceso incorrecto en el servidor NFS (nfsd) que puede resultar en que usuarios remotos lean o escriban archivos para los que no deber\u00edan tener permisos mediante NFS. Este ataque parece ser explotable por un servidor NFS que debe exportar un sistema de archivos con las opciones \\\"rootsquash\\\" habilitadas. Parece ser que la vulnerabilidad se ha solucionado tras el commit con ID 1995266727fa.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.111\",\"versionEndIncluding\":\"4.4.119\",\"matchCriteriaId\":\"E778219C-50A1-46C3-B49B-1499375EE810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9.76\",\"versionEndIncluding\":\"4.9.85\",\"matchCriteriaId\":\"EF7A494F-69FE-49CD-9DE6-82B8FAE48CC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.8\",\"versionEndIncluding\":\"4.14.23\",\"matchCriteriaId\":\"CECBFCFD-4F6F-4AF7-96A4-E761A3A475D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.1\",\"versionEndIncluding\":\"4.15.7\",\"matchCriteriaId\":\"BF4309DD-084C-4B94-B5BF-288109BCBC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC4657A-0239-47DF-B582-87D8DFA69439\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "redhat_vex": {
      "aggregate_severity": "Moderate",
      "current_release_date": "2026-06-28T11:48:19+00:00",
      "cve": "CVE-2018-1000028",
      "id": "CVE-2018-1000028",
      "initial_release_date": "2018-01-22T00:00:00+00:00",
      "product_status:known_not_affected": "104",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "kernel: Improper sorting of GIDs in nfsd can lead to incorrect permissions being applied",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000028.json",
      "version": "3"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…