FreeBSD.NFS.Server.nfsrvd_readdirplus.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in FreeBSD Project FreeBSD
A remote attacker, who has access to a NFS file system, could exploit this vulnerability by sending a crafted NFSv3 READDIRPLUS or NFSv4 READDIR request to the target server. Successful exploitation could exhaust available memory resources resulting in denial-of-service conditions for the NFS service.

affected-products-logoAffected Products

FreeBSD Project FreeBSD 11.0-Stable prior to r340854
FreeBSD Project FreeBSD 11.2-Releng prior to r341088

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:medium:high
2019-05-01 14.605 Default_action:pass:drop
2019-04-23 14.598