PT-2013-5242 · FreeBSD · FreeBSD
Published: 2013-07-28 · Updated: 2019-03-18 · CVE-2013-4851
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 8.3 and 9.x through 9.1-RELEASE-p5
Description
The issue concerns the NFS server implementation in the kernel, where the vfs_hang_addrlist function in sys/kern/vfs_export.c controls authorization for host/subnet export entries based on group information sent by the client. This allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
Recommendations
For FreeBSD versions 8.3 and 9.x through 9.1-RELEASE-p5, consider restricting access to the NFS server until a patch is available. As a temporary workaround, restrict the use of the vfs_hang_addrlist function to minimize the risk of exploitation.
Affected Products
FreeBSD