CVE-2018-1000028 Information

Description

Linux kernel versions after commit bdcf0a423ea1 (4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+) contain an Incorrect Access Control vulnerability in the NFS server (nfsd) that can result in remote users reading or writing files they should not be able to access via NFS. The attack appears to be exploitable when the NFS server exports a filesystem with the "rootsquash" option enabled. The vulnerability appears to have been fixed after commit 1995266727fa.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.4

Base Severity

HIGH
