6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.7%
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server
implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5
controls authorization for host/subnet export entries on the basis of group
information sent by the client, which allows remote attackers to bypass
file permissions on NFS filesystems via crafted requests.