CVE-2017-7895: kernel: NFSv3 server payload bounds checking of WRITE requests

CVE ID

CVE-2017-7895

DESCRIPTION

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

RESOLUTION

Fixed in kernel-2.6.32-696.6.3.el6.x86_64.rpm
The Unitrends security update dated 08/31/2017 or later includes this fix.  

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us