PT-2024-2366 · Openbsd+1

Nextgens · Published 2024-03-21 · Updated 2025-03-13 · CVE-2024-29937

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

OpenBSD versions through 7.4
FreeBSD versions through 14.0-RELEASE

Description

The issue is a bug in the Network File System (NFS) implementation used in OpenBSD and FreeBSD that allows remote attackers to execute arbitrary code. The flaw is a logic error, not a memory-corruption bug, and it can be exploited to gain root privileges on the NFS server. The vulnerability is present in all releases up to and including OpenBSD 7.4 and FreeBSD 14.0-RELEASE. It is noted that the vulnerability is easy to exploit against systems that use NFS; the attacker needs the ability to mount NFS partitions.

Recommendations

For OpenBSD versions through 7.4, update to a newer version that contains a fix for this issue. For FreeBSD versions through 14.0-RELEASE, update to a newer version that contains a fix for this issue. As a temporary workaround, limit NFS access and monitor network activity until a patch is available. Restrict access to the NFS server to minimize the risk of exploitation.

Tags: Exploit · Fix · Code Injection · RCE


Weakness Enumeration

Related Identifiers

BDU:2024-02317
CVE-2024-29937

Affected Products

Freebsd
Openbsd