PT-2017-2368 · Linux+5 · Linux Kernel+5

Ari Kauppi +1 · Published 2017-04-17 · Updated 2023-01-17 · CVE-2017-7645

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.10.11

Description

The NFSv2/NFSv3 server in the nfsd subsystem allows remote attackers to cause a denial of service (system crash) via a long RPC reply. The cause is insufficient input validation, and the issue is associated with the files net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

Recommendations

For Linux kernel versions prior to 4.10.11, update to version 4.10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NFSv2/NFSv3 server to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1600
ALT-PU-2017-1601
BDU:2017-01568
CESA-2017_1615
CESA-2018_1319
CVE-2017-7645
DLA-993-1
DSA-3886-1
MGASA-2017-0147
MGASA-2017-0148
MGASA-2017-0149
OPENSUSE-SU-2017_1513-1
RHSA-2017:1615
RHSA-2017:1616
RHSA-2017:1647
RHSA-2017_1615
RHSA-2017_1616
RHSA-2018:1319
RHSA-2018_1319
SUSE-SU-2017:1360-1
SUSE-SU-2017:2043-1
SUSE-SU-2017:2046-1
SUSE-SU-2017:2049-1
SUSE-SU-2017:2060-1
SUSE-SU-2017:2061-1
SUSE-SU-2017:2062-1
SUSE-SU-2017:2063-1
SUSE-SU-2017:2064-1
SUSE-SU-2017:2065-1
SUSE-SU-2017:2066-1
SUSE-SU-2017:2067-1
SUSE-SU-2017:2068-1
SUSE-SU-2017:2070-1
SUSE-SU-2017:2072-1
SUSE-SU-2017:2073-1
SUSE-SU-2017:2088-1
SUSE-SU-2017:2091-1
SUSE-SU-2017:2092-1
SUSE-SU-2017:2093-1
SUSE-SU-2017:2095-1
SUSE-SU-2017:2096-1
SUSE-SU-2017:2098-1
SUSE-SU-2017:2099-1
SUSE-SU-2017:2100-1
SUSE-SU-2017:2102-1
SUSE-SU-2017:2103-1
SUSE-SU-2017:2475-1
SUSE-SU-2017:2476-1
SUSE-SU-2017:2497-1
SUSE-SU-2017:2775-1
USN-3312-1
USN-3312-2
USN-3314-1
USN-3361-1
USN-3754-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu