#VU42700 Permissions, Privileges, and Access Controls in FreeBSD
Vulnerability identifier: #VU42700
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FreeBSD
Operating systems & Components /
Operating system
Vendor: FreeBSD Foundation
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 8.3 - 9.1
External links
http://svnweb.freebsd.org/base?view=revision&revision=244226
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://www.securityfocus.com/bid/61484
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
