Family: Denial of Service --> Category: kill_host
FreeBSD nfsd Malformed NFS Mount Request Denial of Service Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Tries to crash remote FreeBSD host
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host is affected by a denial of service vulnerability.
Description :
The NFS server on the remote host appears to be one from FreeBSD that
causes a kernel panic when it receives a malformed NFS mount request
via TCP. An unauthenticated remote attacker can leverage this flaw to
crash the remote host.
See also :
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002982.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:10.nfs.asc
Solution :
Use a firewall to restrict access to the NFS server or upgrade / patch
the affected system as described in the vendor advisory above.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:N/A:C/I:N/B:A)