Intrusion Prevention

Linux.Kernel.NFS.v2.v3.Malformed.Write.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in Linux NFSv2 and NFSv3 servers.
The vulnerability is due to improper validation of the end of a buffer when handling a crafted write request. A remote attacker can exploit this to gain unauthorized access to sensitive information.

Affected Products

Linux kernel 4.10.13 and earlier

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the latest update from the vendor
https://access.redhat.com/security/cve/cve-2017-7895

CVE References

CVE-2017-7895