CVE-2013-3266

Name of the Vulnerable Software and Affected Versions FreeBSD versions 8.0 through 9.1-RELEASE-p3 Debian GNU/Linux (affected versions not specified)

Description The issue concerns a function in the new NFS server that does not properly verify the type of node for a READDIR request, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code. Additionally, multiple vulnerabilities in the kfreebsd-9 package of Debian GNU/Linux may lead to breaches of confidentiality, integrity, and availability of protected information, with exploitation possible remotely.

Recommendations For FreeBSD versions 8.0 through 9.1-RELEASE-p3, consider updating to a version where the nfsrvd readdir function is properly patched to verify directory nodes for READDIR requests. For Debian GNU/Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.