Date:      Mon, 29 Apr 2013 17:46:45 -0500
From:      Kevin Day <toasty@dragondata.com>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]
Message-ID:  <EFA0F554-54AC-42DC-9253-49BB5FCE7AB3@dragondata.com>
In-Reply-To: <201304292156.r3TLuoGP052344@freefall.freebsd.org>
References:  <201304292156.r3TLuoGP052344@freefall.freebsd.org>

On Apr 29, 2013, at 4:56 PM, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote:
> II.  Problem Description
> 
> When processing READDIR requests, the NFS server does not check that
> it is in fact operating on a directory node.  An attacker can use a
> specially modified NFS client to submit a READDIR request on a file,
> causing the underlying filesystem to interpret that file as a
> directory.


Can someone clarify if this is exploitable only from hosts/networks allowed in /etc/exports? i.e. if exports would not allow an attacker to mount a filesystem, would they still be able to exploit this?

I'm guessing not, but I would have expected "lock down your nfs exports" to be suggested.

-- Kevin



