Vigil@nce - FreeBSD: denial of service via NFS Server
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can rename a directory on a NFS share of FreeBSD, in
order to trigger a denial of service.
Impacted products: FreeBSD
Severity: 2/4
Creation date: 09/04/2014
DESCRIPTION OF THE VULNERABILITY
The FreeBSD product offers a NFS service.
When an authenticated NFS client renames a directory, the
nfsrvd_rename() function uses a lock. However, this lock is taken
in the reverse order. If two renaming operations are performed
simultaneously, a deadlock thus occurs.
An attacker can therefore rename a directory on a NFS share of
FreeBSD, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-NFS-Server-14557