fkie_nvd - fkie_cve-2014-1453

fkie_cve-2014-1453

Vulnerability from fkie_nvd

Published

2014-04-16 18:37

Modified

2025-04-12 10:46

Severity ?

Summary

The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/57760	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/59034
cve@mitre.org	http://www.debian.org/security/2014/dsa-2952
cve@mitre.org	http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/66726
cve@mitre.org	http://www.securitytracker.com/id/1030041
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57760	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59034
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2952
af854a3a-2127-422b-91ae-364da2661108	http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66726
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030041

Impacted products

Vendor	Product	Version
freebsd	freebsd	8.3
freebsd	freebsd	8.4
freebsd	freebsd	9.0
freebsd	freebsd	9.0
freebsd	freebsd	9.0
freebsd	freebsd	9.0
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C501A1-FE2D-41E7-A5DB-C61D8701B9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB4C0E8-8E50-44B1-BE0C-4C261D9E9730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CFBAF8FD-8266-46F4-836D-B0A24ECC817D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "1D96D084-E1BC-437D-ACEB-B545078B8549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5764F9ED-05B4-4334-AE65-45492DAB9119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DD6B2A2E-6E8C-40D7-B29F-1FC9E8B1076B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "0ADB3AF3-5E13-4EC3-AE3C-128DF51E1DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C560926-7789-4052-819D-C36C43C9C61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*",
              "matchCriteriaId": "213ECCF5-4FE2-4FE8-B84E-A1C9AA98F1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52A912B-E7C6-484A-8E15-8208C97B8CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D4B097BE-2CA1-4236-AB8F-1151FCC845A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order."
    },
    {
      "lang": "es",
      "value": "El servidor NFS (nfsserver) en FreeBSD 8.3 hasta 10.0 no adquiere bloqueos en el orden debido cuando convierte un manejador de archivo de directorio hacia un vnode, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicios (bloqueo) a trav\u00e9s de vectores que involucran un hilo que utiliza el orden correcto de bloqueo."
    }
  ],
  "id": "CVE-2014-1453",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-16T18:37:13.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57760"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/59034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2952"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/66726"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1030041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030041"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-1453 (GCVE-0-2014-1453)

Vulnerability from cvelistv5

Published

2014-04-16 18:00