A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.
The NULL pointer deference allows a remote attacker capable of sending RPC messages to an affected FreeBSD system to crash the FreeBSD system.
Disable the NFS server: set the nfs_server_enable variable to "NO" in /etc/rc.conf, and reboot.
Alternatively, if there are no active NFS clients (as listed by the showmount(8) utility), simply killing the mountd and nfsd processes should suffice.
Add firewall rules to block RPC traffic to the NFS server from untrusted hosts.
Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.