Lucene search

[email protected]CVE-2011-1739

HistoryMay 03, 2011 - 8:55 p.m.

CVE-2011-1739

2011-05-0320:55:12

CWE-20

[email protected]

web.nvd.nist.gov

freebsd

mountd

cve-2011-1739

nfs

access restrictions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.

Affected configurations

NVD

Node

freebsdfreebsdMatch7.4

freebsdfreebsdMatch8.0

freebsdfreebsdMatch8.1

freebsdfreebsdMatch8.2

CPENameOperatorVersion
freebsd:freebsdfreebsdeq7.4
freebsd:freebsdfreebsdeq8.0
freebsd:freebsdfreebsdeq8.1
freebsd:freebsdfreebsdeq8.2

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	7.4
freebsd:freebsd	freebsd	eq	8.0
freebsd:freebsd	freebsd	eq	8.1
freebsd:freebsd	freebsd	eq	8.2

References

secunia.com/advisories/44307

security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc

securitytracker.com/id?1025425

www.securityfocus.com/bid/47517

www.vupen.com/english/advisories/2011/1076

exchange.xforce.ibmcloud.com/vulnerabilities/66981

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for CVE-2011-1739

freebsd1 openvas4 nvd1 securityvulns2 freebsd_advisory1 cvelist1 prion1 nessus1