CVE-2010-2020

NameCVE-2010-2020
Descriptionsys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs584930

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kfreebsd-6source(unstable)(unfixed)
kfreebsd-7source(unstable)7.3-2
kfreebsd-8source(unstable)8.0-6584930

Notes

[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
[lenny] - kfreebsd-7 <no-dsa> (Minor issue, not enabled by default)

Search for package or bug name: Reporting problems