FreeBSD -- Incorrect privilege validation in the NFS server

ID E5D2442D-5E76-11E6-A6C3-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2013-07-06T00:00:00


Problem Description: The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. Impact: The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.