kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

Arbitrary Code Execution

kernel is vulnerable to arbitrary code execution. The vulnerability exists as buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation XDR for the Network File System NFS version 4. An attacker on the local network could send a...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. The Linux kernel implementation of the Network File System NFS did not properly initialize the file name limit in the nfsserver data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share...

Stop error 0x9E and failover cluster can't come online in Windows Server 2012

Stop error 0x9E and failover cluster can't come online in Windows Server 2012 Symptoms This issue occurs when the following conditions are true: You have a Network File System NFS file server which is hosted on a two-node Windows Server 2012-based clustered storage server. You have the Data...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

CloudForms: RCE vulnerability in NFS schedule backup

A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root...

CloudForms: RCE vulnerability in NFS schedule backup

A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root...

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

CVE-2019-17334

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...

Design/Logic Flaw

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...

kernel: use-after-free in SMB2_write function in fs/cifs/smb2pdu.c

An flaw was discovered in the Linux kernel's CIFS client implementation. While issuing an SMB2write, a value can be used after it was intended to be freed when CIFS function tracing is enabled. Even though the data is used after being freed, using it to for privilege escalation does not seem...

Debian DLA-1965-1 : nfs-utils security update

In the nfs-utils package, providing support files for Network File System NFS including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root...

[SECURITY] [DLA 1965-1] nfs-utils security update

Package : nfs-utils Version : 1.2.8-9+deb8u1 CVE ID : CVE-2019-3689 Debian Bug : 940848 In the nfs-utils package, providing support files for Network File System NFS including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and manag...

DEBIAN-CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

DEBIAN-CVE-2019-14202

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsreadlinkreply...

DEBIAN-CVE-2019-14201

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfslookupreply...