CVE-2010-2020

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
freebsdfreebsd
7.2
freebsdfreebsd
7.2:pre-release
freebsdfreebsd
7.2:stable
freebsdfreebsd
8.0
freebsdfreebsd
8.1-prerelease
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://securitytracker.com/id?1024039
http://www.exploit-db.com/exploits/14002
http://www.exploit-db.com/exploits/14003
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
http://securitytracker.com/id?1024039
http://www.exploit-db.com/exploits/14002
http://www.exploit-db.com/exploits/14003