From owner-freebsd-security@FreeBSD.ORG Mon Apr 29 22:50:49 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id DE349AB3 for ; Mon, 29 Apr 2013 22:50:49 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id A6C8E1CF8 for ; Mon, 29 Apr 2013 22:50:49 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 002D7D14E; Mon, 29 Apr 2013 22:50:48 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 8AF36187A; Tue, 30 Apr 2013 00:50:24 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Kevin Day Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED] References: <201304292156.r3TLuoGP052344@freefall.freebsd.org> Date: Tue, 30 Apr 2013 00:50:24 +0200 In-Reply-To: (Kevin Day's message of "Mon, 29 Apr 2013 17:46:45 -0500") Message-ID: <86zjwh9cjz.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Apr 2013 22:50:49 -0000 Kevin Day writes: > Can someone clarify if this is exploitable only from hosts/networks > allowed in /etc/exports? i.e. if exports would not allow an attacker > to mount a filesystem, would they still be able to exploit this? I thought that was self-explanatory - the attacker must first mount the filesystem. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no