Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE5D2442D-5E76-11E6-A6C3-14DAE9D210B8
HistoryJul 06, 2013 - 12:00 a.m.

FreeBSD -- Incorrect privilege validation in the NFS server

2013-07-0600:00:00
vuxml.freebsd.org
21

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.7%

JSON

Problem Description:
The kernel incorrectly uses client supplied credentials
instead of the one configured in exports(5) when filling out the
anonymous credential for a NFS export, when -network or -host
restrictions are used at the same time.
Impact:
The remote client may supply privileged credentials (e.g. the
root user) when accessing a file under the NFS share, which will bypass
the normal access checks.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd-kernel= 9.1UNKNOWN
FreeBSDanynoarchfreebsd-kernel< 9.1_5UNKNOWN

Related

prion 1
cvelist 1
securityvulns 2
ubuntucve 1
seebug 1
freebsd_advisory 1
cve 1
nvd 1
nessus 2
openvas 2
debian 1
osv 1
prion
prion
Authorization
2013-07-29 13:59:00
cvelist
cvelist
CVE-2013-4851
2013-07-28 18:00:00
securityvulns
securityvulns
FreeBSD NFS privilege escalation
2013-07-29 00:00:00
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver
2013-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2013-4851
2013-07-29 00:00:00
seebug
seebug
FreeBSD 'nfsserver' Module 访问绕过漏洞(CVE-2013-4851)
2013-07-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:08.nfsserver
2013-07-26 00:00:00
cve
cve
CVE-2013-4851
2013-07-29 13:59:56
nvd
nvd
CVE-2013-4851
2013-07-29 13:59:56
nessus
nessus
FreeBSD : FreeBSD -- Incorrect privilege validation in the NFS server (e5d2442d-5e76-11e6-a6c3-14dae9d210b8)
2016-08-10 00:00:00
Debian DSA-2743-1 : kfreebsd-9 - privilege escalation/information leak
2013-08-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 2743-1 (kfreebsd-9 - privilege escalation/information leak)
2013-08-27 00:00:00
Debian: Security Advisory (DSA-2743-1)
2013-08-26 00:00:00
debian
debian
[SECURITY] [DSA 2743-1] kfreebsd-9 security update
2013-08-27 00:22:20
osv
osv
kfreebsd-9 - several
2013-08-27 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.7%

JSON
Related for E5D2442D-5E76-11E6-A6C3-14DAE9D210B8
prion1cvelist1securityvulns2ubuntucve1seebug1freebsd_advisory1cve1nvd1nessus2openvas2debian1osv1