FreeBSD Security Advisory (mountd)

The FreeBSD Security Team has identified a security bug in mountd.

I. Background

The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call.

II. Problem Description

While parsing the exports(5) table, a network mask in the form of “-network=netname/prefixlength” results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as “-network″ would result in a netmask of being used instead of the correct netmask of

III. Impact

When using a prefix length which is not multiple of 8, access would be granted to the wrong client systems.

For a workaround and solution, check out the security advisory: FreeBSD Security Advisory (mountd)

Leave a Reply

Your email address will not be published. Required fields are marked *