PT-2018-9218 · Linux+1 · Linux Kernel+1

Published 2018-02-09 · Updated 2019-10-03 · CVE-2018-1000028

CVSS v3.1: 7.4 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Linux kernel versions after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+
Description: An Incorrect Access Control vulnerability in the NFS server (nfsd) allows remote users to read or write files that they should not be able to access via NFS. The issue is exploitable when the NFS server exports a filesystem with the "root_squash" option enabled.
Recommendations: For Linux kernel versions 4.15-rc4 and later, 4.14.8 and later, 4.9.76 and later, and 4.4.111 and later, update to a kernel version that includes the fix, that is, one after commit 1995266727fa.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1384
ALT-PU-2018-1401
CVE-2018-1000028

Affected Products

Alt Linux
Linux Kernel