CVE-2013-4851

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
freebsdfreebsd
8.3
freebsdfreebsd
9.0
freebsdfreebsd
9.1
freebsdfreebsd
9.1:p4
freebsdfreebsd
9.1:p5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kfreebsd-8
saucy
dne
raring
dne
quantal
dne
precise
dne
lucid
ignored
Common Weakness Enumeration
References
http://svnweb.freebsd.org/base?view=revision&revision=244226
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://www.securityfocus.com/bid/61484
http://svnweb.freebsd.org/base?view=revision&revision=244226
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://www.securityfocus.com/bid/61484