CVE-2013-4851

Published: 29 July 2013

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.

Priority

Status

Package	Release	Status
kfreebsd-8 Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Released (8.3-7)

References

http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
http://svnweb.freebsd.org/base?view=revision&revision=244226
https://www.cve.org/CVERecord?id=CVE-2013-4851
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717959

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›