4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.4%
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.
CPE | Name | Operator | Version |
---|---|---|---|
freebsd:freebsd | freebsd | eq | 7.4 |
freebsd:freebsd | freebsd | eq | 8.0 |
freebsd:freebsd | freebsd | eq | 8.1 |
freebsd:freebsd | freebsd | eq | 8.2 |