漏洞标题
某些文件系统通过NFS存在缓冲区溢出漏洞
漏洞描述信息
在64位系统中,cd9660、tarfs和ext2fs文件系统中VOP_VPTOFH()的实现会导致目标FID缓存溢出4字节,从而引发栈溢出问题。
当NFS服务器导出cd9660、tarfs或ext2fs文件系统时,通过NFS客户机挂载并访问该导出文件系统可以导致服务器崩溃。进一步的利用(例如绕过文件权限检查或远程内核代码执行)在理论上是可能的,但目前尚未有实例证明。特别是,发布的内核编译时启用了栈保护机制,某些溢出实例会被该机制捕获,从而导致崩溃。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
跨界内存写
漏洞标题
Buffer overflow in some filesystems via NFS
漏洞描述信息
On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.
A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.
CVSS信息
N/A
漏洞类别
栈缓冲区溢出