Information disclosure in Linux kernel - CVE-2018-1000028
Published: March 12, 2018
Vulnerability identifier: #VU10917
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1000028
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.
The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.
How to mitigate CVE-2018-1000028
Install update from vendor's website.