CVE-2013-5710

Name of the Vulnerable Software and Affected Versions FreeBSD versions 8.3 through 9.2

Description The issue concerns the nullfs implementation in the kernel, specifically in sys/fs/nullfs/null vnops.c. It allows local users with certain permissions to bypass access restrictions. This is achieved by creating a hardlink in a nullfs instance to a file in a different instance.

Recommendations For FreeBSD versions 8.3 through 9.2, consider restricting access to nullfs instances to minimize the risk of exploitation. As a temporary workaround, limit the ability of local users to create hardlinks between different nullfs instances until a patch is available.