CVE Reference: CVE-2013-3266

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-3266

Description:
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.

CVE Status:
Candidate

References:

ST
  1028491

SAID
  Secunia Advisory: SA53241

FREEBSD
  http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc

DEBIAN
  http://www.debian.org/security/2013/dsa-2672

