A vulnerability in the implementation of the NFS-Servers shipped in the Linux kernel
By Prempal Singh
The NFS server (NFSv2 and NFSv3), part of the Linux kernel, detected remotely operated vulnerability ( CVE-2017-7895 ), allowing to read the contents of memory areas of arbitrary user space and the kernel (1 to 4 Mb) by sending queries to the specially designed NFS.
For a successful attack must have available on the NFS-section entry to mount the system with which the attack takes place.
The problem is caused by an error when adding the brought changes to the code fs / nfsd more than 10 years ago (in preparation for 2.6.22 kernel). The vulnerability is eliminated in releases 4.11 and 4.10.13. The distributions of the problem still remains uncorrected ( the Debian , of RHEL , of Ubuntu , the SUSE ).