Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-4851
HistoryJul 29, 2013 - 1:59 p.m.

CVE-2013-4851

2013-07-2913:59:56
CWE-264
[email protected]
web.nvd.nist.gov
28
cve-2013-4851
nfs server
freebsd
file permissions
remote attack
authorization bypass

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.

Affected configurations

NVD
Node
freebsdfreebsdMatch8.3
OR
freebsdfreebsdMatch9.0
OR
freebsdfreebsdMatch9.1
OR
freebsdfreebsdMatch9.1p4
OR
freebsdfreebsdMatch9.1p5

Related

prion 1
cvelist 1
securityvulns 2
ubuntucve 1
seebug 1
freebsd 1
freebsd_advisory 1
nvd 1
nessus 2
openvas 2
debian 1
osv 1
prion
prion
Authorization
2013-07-29 13:59:00
cvelist
cvelist
CVE-2013-4851
2013-07-28 18:00:00
securityvulns
securityvulns
FreeBSD NFS privilege escalation
2013-07-29 00:00:00
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver
2013-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2013-4851
2013-07-29 00:00:00
seebug
seebug
FreeBSD 'nfsserver' Module 访问绕过漏洞(CVE-2013-4851)
2013-07-30 00:00:00
freebsd
freebsd
FreeBSD -- Incorrect privilege validation in the NFS server
2013-07-06 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:08.nfsserver
2013-07-26 00:00:00
nvd
nvd
CVE-2013-4851
2013-07-29 13:59:56
nessus
nessus
FreeBSD : FreeBSD -- Incorrect privilege validation in the NFS server (e5d2442d-5e76-11e6-a6c3-14dae9d210b8)
2016-08-10 00:00:00
Debian DSA-2743-1 : kfreebsd-9 - privilege escalation/information leak
2013-08-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 2743-1 (kfreebsd-9 - privilege escalation/information leak)
2013-08-27 00:00:00
Debian: Security Advisory (DSA-2743-1)
2013-08-26 00:00:00
debian
debian
[SECURITY] [DSA 2743-1] kfreebsd-9 security update
2013-08-27 00:22:20
osv
osv
kfreebsd-9 - several
2013-08-27 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON
Related for CVE-2013-4851
prion1cvelist1securityvulns2ubuntucve1seebug1freebsd1freebsd_advisory1nvd1nessus2openvas2debian1osv1