SUSE CVE-2006-3632

Buffer overflow in Wireshark aka Ethereal 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector...

SUSE CVE-2007-3207

Buffer overflow in the NFS mount daemon XNFS.NLM in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service abend via a long path in a mount request...

SUSE CVE-2007-4135

The NFSv4 ID mapper nfsidmap before 0.17 does not properly handle return values from the getpwnamr function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client...

SUSE CVE-2008-3915

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl...

SUSE CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

SUSE CVE-2009-1630

The nfspermission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomicopen is available, does not check execute aka EXEC or MAYEXEC permission bits, which allows local users to bypass permissions and execute files, as demonstrated by file...

SUSE CVE-2009-3623

The lookupcbcred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTHNULL authentication flavor, which allows remote attackers to cause a denial of service NULL pointer dereferenc...

SUSE CVE-2010-1087

The nfswaitonrequest function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service Oops via unknown vectors related to truncating a file and an operation that is not interruptible...

SUSE CVE-2010-2521

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service panic or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the readbuf and...

SUSE CVE-2010-2943

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assign...

SUSE CVE-2011-1090

The nfs4procsetacl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service panic via a crafted attempt to set an ACL...

SUSE CVE-2011-1592

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service application crash via a crafted .pcap file...

SUSE CVE-2011-2491

The Network Lock Manager NLM protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service system hang via a LOCKUN flock system call...

SUSE CVE-2011-2500

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

SUSE CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...

SUSE CVE-2011-4324

The encodeshareaccess function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service BUG and system crash by using the mknod system call with a pathname on an NFSv4 filesystem...

SUSE CVE-2011-4325

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service NULL pointer dereference and ODIRECT oops, as demonstrated using diotest4 from LTP...

SUSE CVE-2012-4049

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service loop and CPU consumption via a crafted packet...

SUSE CVE-2014-2038

The nfscanextendwrite function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by...

SUSE CVE-2017-7645

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service system crash via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c...