Published: 28/05/2010 Updated: 06/11/2012

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 700

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 up to and including 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 8.0
freebsd freebsd 7.2
freebsd freebsd 8.1-prerelease

/* * nfs_mount_exc -- Patroklos Argyroudis, argp at domain census-labscom * * Local kernel exploit for FreeBSD 80, 73 and 72 * * FreeBSD 80-RELEASE: Local kernel crash/denial-of-service * FreeBSD 73/72-RELEASE: Local privilege escalation * * Discovered and exploited by Patroklos (argp) Argyroudis * * The vulnerability is in n ...

/* * mountnfsexc -- Patroklos Argyroudis, argp at domain census-labscom * * Local kernel exploit for FreeBSD 80, 73 and 72 * * Discovered and exploited by Patroklos (argp) Argyroudis * * The vulnerability is in mountnfs() which is reachable by the mount(2) * and nmount(2) system calls In order for them to be enabled for * unprivil ...

CWE-20 http://securitytracker.com/id?1024039 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc http://www.exploit-db.com/exploits/14002 http://www.exploit-db.com/exploits/14003 https://nvd.nist.gov https://www.exploit-db.com/exploits/14002/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2020

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect