The Network File System (NFS) on FreeBSD, NetBSD and OpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a RPC message containing a zero-length payload to a NFS server. This causes the NFS server to reference a previous payload and enter into an infinite loop, resulting in a loss of availability for the platform.

Upgrade to FreeBSD version 4.6.1-RELEASE-p7 or higher, as it has been reported to fix this vulnerability. Also, FreeBSD has released patches for some older versions.

Upgrade to NetBSD version 1.6 after the correction date or higher, as it has been reported to fix this vulnerability.

Upgrade to OpenBSD version 3.2 or higher, as it has been reported to fix this vulnerability.

• CVE ID: 2002-0830 (see also: NVD)
• Bugtraq ID: 5402
• ISS X-Force ID: 9772
• Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc http://docs.info.apple.com/article.html?artnum=61798
  http://www.openbsd.org/plus32.html
• Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch.asc

• Mike Junk - junkisilon.com -