CVE-2013-4851

EUVD-2013-4696
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
8.3
freebsdfreebsd
9.0
freebsdfreebsd
9.1
freebsdfreebsd
9.1:p4
freebsdfreebsd
9.1:p5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kfreebsd-8
lucid
ignored
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://svnweb.freebsd.org/base?view=revision&revision=244226
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://www.securityfocus.com/bid/61484
http://svnweb.freebsd.org/base?view=revision&revision=244226
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://www.securityfocus.com/bid/61484