SID 1-44638

Report a false positive

Rule Category

PROTOCOL-RPC -- Snort has detected traffic that may indicate the presence of the rpc protocol or vulnerabilities in the rpc protocol on the network.

Alert Message

PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt

Rule Explanation

This event is generated when Snort detects traffic exploiting an out of bounds read vulnerability in the Linux Kernel nfsd module. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2017-8797

Additional Links

access.redhat.com/security/cve/cve-2017-8797

Rule Vulnerability

CVE Additional Information

CVE-2017-8797
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
Details
Severity Base Score7.5
Impact Score3.6 Exploit Score3.9
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactHIGH Access Vector
Authentication Ease of Access

Affected Systems