On Apr 29, 2013, at 4:56 PM, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > II. Problem Description > > When processing READDIR requests, the NFS server does not check that > it is in fact operating on a directory node. An attacker can use a > specially modified NFS client to submit a READDIR request on a file, > causing the underlying filesystem to interpret that file as a > directory. Can someone clarify if this is exploitable only from hosts/networks allowed in /etc/exports? i.e. if exports would not allow an attacker to mount a filesystem, would they still be able to exploit this? I'm guessing not, but I would have expected "lock down your nfs exports" to be suggested. -- Kevin _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"