Signature Detail
Short Name |
NFS:FREEBSD-REDDIR-MEM-COR |
|---|---|
Severity |
High |
Recommended |
No |
Category |
NFS |
Keywords |
FreeBSD NFS Server READDIR Request Memory Corruption |
Release Date |
2013/07/08 |
Update Number |
2280 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
NFS: FreeBSD NFS Server READDIR Request Memory Corruption
This signature detects attempts to exploit a known vulnerability against FreeBSD NFS Server. A successful attack can lead to memory corruption and arbitrary code execution.
Extended Description
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.
Affected Products
- freebsd 8.0
- freebsd 8.1
- freebsd 8.2
- freebsd 8.3
- freebsd 9.0
- freebsd 9.1
References
- CVE: CVE-2013-3266