On Apr 29, 2013, at 4:56 PM, FreeBSD Security Advisories <[email protected]> wrote: > II. Problem Description > > When processing READDIR requests, the NFS server does not check that > it is in fact operating on a directory node. An attacker can use a > specially modified NFS client to submit a READDIR request on a file, > causing the underlying filesystem to interpret that file as a > directory.
Can someone clarify if this is exploitable only from hosts/networks allowed in /etc/exports? i.e. if exports would not allow an attacker to mount a filesystem, would they still be able to exploit this? I'm guessing not, but I would have expected "lock down your nfs exports" to be suggested. -- Kevin _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
