FreeBSD-SA-18:13.nfs
FreeBSD-SA-18:13.nfs Security Advisory, The FreeBSD Project. Topic: Multiple vulnerabilities in NFS server code. Category: core. Module: nfs. Announced: 2018-11-27. Credits:...
PT-2018-2892 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.x through 4.20 Description: A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem can trigger a null pointer dereference by using an invalid NFS sequence...
CentOS 6 : glusterfs (CESA-2018:2892)
An update for glusterfs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: nfsd: Incorrect handling of long RPC replies
The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote...
Important: Red Hat Security Advisory: glusterfs security update
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Important: Red Hat Security Advisory: glusterfs security update
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
CVE-2018-2764
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this...
CVE-2018-2718
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this...
tcpdump: Buffer over-read in print-nfs.c:interp_reply() in NFS parser
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply()...
Red Hat OpenShift Enterprise Elevation of Privilege Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise version 3.7. An...
DEBIAN-CVE-2018-1066
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...
Linux kernel NFS server (nfsd) file read vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. The NFS server (nfsd) is one of the network file system servers. A security vulnerability exists in the NFS server (nfsd) in versions prior to Linux kernel commit 1995266727fa. A remote...
UBUNTU-CVE-2018-1000028
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable via NFS...
DEBIAN-CVE-2018-1000028
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable via NFS...
CVE-2017-14387
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...
kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and...
DEBIAN-CVE-2017-13001
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh()...
DEBIAN-CVE-2017-13005
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter()...