CVE-2010-2020 Information

Description

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE when vfs.usermount is enabled does not validate the length of a certain fhsize parameter which allows local users to gain privileges via a crafted mount request.

Reference

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc http://securitytracker.com/id?1024039 http://www.exploit-db.com/exploits/14002 http://www.exploit-db.com/exploits/14003