CVE-2018-17157
Published 2018-12-04
Priority P262 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 24.17% (97.6th percentile)
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | < 11.2 | 11.2 |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
Detection & IOCs
- Monitor for specially crafted NFSv4 requests triggering integer overflow in opcode handling, which may indicate exploitation attempts against the NFS server.
- Unprivileged remote users with NFS access can trigger the vulnerability; monitor for unexpected NFS connections from untrusted or unauthenticated clients on port 2049.
- Alert on NFS server crashes or unexpected reboots, which may indicate denial-of-service exploitation of this vulnerability.
- Systems that do not provide NFS services are not vulnerable; scope detection efforts to NFS-serving hosts only.
- No workaround is available beyond firewall-based access restriction to NFS port 2049; patching to 11.2-STABLE (r340854) or 11.2-RELEASE-p5 (r341088) is required.
CVSS provenance
- nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
BSD
FreeBSD-SA-18:13.nfs: Multiple vulnerabilities in NFS server code
bsd_advisories · 2018-11-27 · CVSS 9.8
FreeBSD-SA-18:13.nfs Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in NFS server code
Category: core
Module: nfs
Announced: 2018-11-27
Credits: Jakub Jirasek, Secunia Research at Flexera
Affects: All supported versions of FreeBSD.
Corrected: 2018-11-23 20:41:54 UTC (stable/11, 11.2-STABLE)
2018-11-27 19:42:16 UTC (releng/11.2, 11.2-RELEASE-p5)
CVE Name: CVE-2018-17157, CVE-2018-17158, CVE-2018-17159
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The Network File System (NFS) allows a host to export some or all of its file
systems so that other hosts can access them over the network and mount them
as if they were local. FreeBSD
GHSA
GHSA-rpw7-85c5-fxrp: In FreeBSD before 11
ghsa_unreviewed · 2022-05-14
CVE-2018-17157 [CRITICAL] CWE-190 GHSA-rpw7-85c5-fxrp: In FreeBSD before 11
- http://www.securityfocus.com/bid/106192
- http://www.securitytracker.com/id/1042164
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
- https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc