FreeBSD Network File System Multiple Security Vulnerabilities

Bugtraq ID:	106192
Class:	Boundary Condition Error
CVE:	CVE-2018-17157 CVE-2018-17158 CVE-2018-17159
Remote:	Yes
Local:	No
Published:	Nov 27 2018 12:00AM
Updated:	Nov 27 2018 12:00AM
Credit:	Jakub Jirasek and Secunia Research.
Vulnerable:	FreeBSD Freebsd 11.2
Not Vulnerable:

FreeBSD Network File System Multiple Security Vulnerabilities

FreeBSD Network File System is prone to following security vulnerabilities:

1. Multiple integer-overflow vulnerabilities.

2. A denial-of-service vulnerability.

An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Versions prior to FreeBSD 11.2-STABLE and FreeBSD 11.2-RELEASE-p5

FreeBSD Network File System Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

FreeBSD Network File System Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

FreeBSD Network File System Multiple Security Vulnerabilities

References:

• FreeBSD Homepage (FreeBSD)
  
• Multiple vulnerabilities in NFS server code (FreeBSD)
  
• Multiple vulnerabilities in NFS server code (FreeBSD-SA-18:03.nfs) (Tenable)