7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.966 High
EPSS
Percentile
99.6%
Problem description:
A part of the NFS server code charged with handling incoming
RPC messages via TCP had an error which, when the server
received a message with a zero-length payload, would cause a
NULL pointer dereference which results in a kernel panic. The
kernel will only process the RPC messages if a userland nfsd
daemon is running.
Impact:
The NULL pointer deference allows a remote attacker capable
of sending RPC messages to an affected FreeBSD system to crash
the FreeBSD system.
Workaround:
Disable the NFS server: set the nfs_server_enable
variable to “NO” in /etc/rc.conf, and reboot.
Alternatively, if there are no active NFS clients (as
listed by the showmount(8) utility), simply killing the
mountd and nfsd processes should suffice.
Add firewall rules to block RPC traffic to the NFS server
from untrusted hosts.