Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD NFS server memory corruption
updated since 04.05.2013
Published:04.06.2013
Source:
SecurityVulns ID:13045
Type:remote
Threat Level:
6/10
Description:It's possible to call readdir on plain file.
Affected:FREEBSD : FreeBSD 9.1
 FREEBSD : FreeBSD 8.4
CVE:CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2672-1] kfreebsd-9 security update (04.06.2013)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED] (04.05.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod