CVE-2014-1453

The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/57760	Vendor Advisory
http://secunia.com/advisories/59034
http://www.debian.org/security/2014/dsa-2952
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc	Vendor Advisory
http://www.securityfocus.com/bid/66726
http://www.securitytracker.com/id/1030041
http://secunia.com/advisories/57760	Vendor Advisory
http://secunia.com/advisories/59034
http://www.debian.org/security/2014/dsa-2952
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc	Vendor Advisory
http://www.securityfocus.com/bid/66726
http://www.securitytracker.com/id/1030041

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:8.3:::::::*
	cpe:2.3:o:freebsd:freebsd:8.4:::::::*
	cpe:2.3:o:freebsd:freebsd:9.0:::::::*
	cpe:2.3:o:freebsd:freebsd:9.0:beta1::::::
	cpe:2.3:o:freebsd:freebsd:9.0:beta2::::::
	cpe:2.3:o:freebsd:freebsd:9.0:beta3::::::
	cpe:2.3:o:freebsd:freebsd:9.1:::::::*
	cpe:2.3:o:freebsd:freebsd:9.1:p4::::::
	cpe:2.3:o:freebsd:freebsd:9.1:p5::::::
	cpe:2.3:o:freebsd:freebsd:9.2:::::::*
	cpe:2.3:o:freebsd:freebsd:9.2:prerelease::::::
	cpe:2.3:o:freebsd:freebsd:9.2:rc1::::::
	cpe:2.3:o:freebsd:freebsd:9.2:rc2::::::
	cpe:2.3:o:freebsd:freebsd:10.0:::::::*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/57760 - Vendor Advisory~~	() http://secunia.com/advisories/57760 - Vendor Advisory
References	~~() http://secunia.com/advisories/59034 -~~	() http://secunia.com/advisories/59034 -
References	~~() http://www.debian.org/security/2014/dsa-2952 -~~	() http://www.debian.org/security/2014/dsa-2952 -
References	~~() http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc - Vendor Advisory~~	() http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/66726 -~~	() http://www.securityfocus.com/bid/66726 -
References	~~() http://www.securitytracker.com/id/1030041 -~~	() http://www.securitytracker.com/id/1030041 -

Information

Published : 2014-04-16 18:37

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1453

Mitre link : CVE-2014-1453

CVE.ORG link : CVE-2014-1453

JSON object : View

Products Affected

freebsd

freebsd

CWE

CWE-399

Resource Management Errors

4.0 /10