FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]
Kevin Day
toasty at dragondata.com
Mon Apr 29 22:46:49 UTC 2013
On Apr 29, 2013, at 4:56 PM, FreeBSD Security Advisories <security-advisories at freebsd.org> wrote:
> II. Problem Description
>
> When processing READDIR requests, the NFS server does not check that
> it is in fact operating on a directory node. An attacker can use a
> specially modified NFS client to submit a READDIR request on a file,
> causing the underlying filesystem to interpret that file as a
> directory.
Can someone clarify if this is exploitable only from hosts/networks allowed in /etc/exports? i.e. if exports would not allow an attacker to mount a filesystem, would they still be able to exploit this?
I'm guessing not, but I would have expected "lock down your nfs exports" to be suggested.
-- Kevin
More information about the freebsd-security
mailing list