|Check Point Reference:||CPAI-2009-340|
|Date Published:||8 Nov 2009|
|Last Updated:||9 Apr 2018|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux kernel supports a great number of features, including networking, file system, graphics protocols and standards. A security bypass vulnerability exists in Linux kernel. The vulnerability is due to an insecure design in Linux kernel when handling the NFS request, MKNOD. By sending a crafted NFS MKNOD request to a target system, a remote attacker can leverage this vulnerability to create a device on a target system. Successful exploitation of this vulnerability can allow a remote attacker to create a device on a target system, allowing for further compromise on the vulnerable system.|
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: NFS Protection Violation.
Attack Information: Linux Kernel nfsd CAP_MKNOD Security Bypass