← back
CVE-2013-4851

CVE-2013-4851

EPSS 2.1%
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://svnweb.freebsd.org/base?view=revision&revision=244226http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.aschttp://www.securityfocus.com/bid/61484