CVE-2013-4851
N/A
N/A
Summary
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://svnweb.freebsd.org/base?view=revision&revision=244226
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
- http://www.securityfocus.com/bid/61484
References
- http://svnweb.freebsd.org/base?view=revision&revision=244226
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
- http://www.securityfocus.com/bid/61484
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.