CVE-2011-1739

The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
freebsdfreebsd
7.4
freebsdfreebsd
8.0
freebsdfreebsd
8.1
freebsdfreebsd
8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/44307
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc
http://securitytracker.com/id?1025425
http://www.securityfocus.com/bid/47517
http://www.vupen.com/english/advisories/2011/1076
https://exchange.xforce.ibmcloud.com/vulnerabilities/66981
http://secunia.com/advisories/44307
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc
http://securitytracker.com/id?1025425
http://www.securityfocus.com/bid/47517
http://www.vupen.com/english/advisories/2011/1076
https://exchange.xforce.ibmcloud.com/vulnerabilities/66981