CVE-2010-2020

Freebsd - Improper Input Validation

Title source: rule

Description

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Patroklos Argyroudis · clocalfreebsd

https://www.exploit-db.com/exploits/14002

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Patroklos Argyroudis · cdosfreebsd

https://www.exploit-db.com/exploits/14003

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1024039

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/14002

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/14003

Scores

EPSS 0.0005

EPSS Percentile 16.2%

Details

CWE

CWE-20

Status published

Products (3)

freebsd/freebsd 7.2 (3 CPE variants)

freebsd/freebsd 8.0

freebsd/freebsd 8.1-prerelease

Published May 28, 2010

Tracked Since Feb 18, 2026