Lucene search

[email protected]CVE-2013-4851

HistoryJul 29, 2013 - 1:59 p.m.

CVE-2013-4851

2013-07-2913:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4851

nfs server

freebsd

file permissions

remote attack

authorization bypass

6.2 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.

CPENameOperatorVersion
freebsd:freebsdfreebsdeq9.0
freebsd:freebsdfreebsdeq9.1
freebsd:freebsdfreebsdeq8.3

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	9.0
freebsd:freebsd	freebsd	eq	9.1
freebsd:freebsd	freebsd	eq	8.3

References

svnweb.freebsd.org/base?view=revision&revision=244226

www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc

www.securityfocus.com/bid/61484

6.2 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2013-4851

prion1 cvelist1 ubuntucve1 securityvulns2 nessus2 seebug1 freebsd_advisory1 freebsd1 openvas2 debian1 osv1