|Description||The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
|Debian Bugs||717958, 717959|
Vulnerable and fixed packages
The table below lists information on source packages.
|kfreebsd-9 (PTS)||wheezy, wheezy (security)||9.0-10+deb70.10||fixed|
The information below is based on the following data on fixed versions.
[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)