CVE-2018-17158

Sažetak

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Reference

http://www.securityfocus.com/bid/106192
http://www.securitytracker.com/id/1042164
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

31-12-2018 - 16:44

Objavljeno

04-12-2018 - 15:29