Multiple vulnerabilities in FreeBSD NFS server code

FreeBSD is a free and open source operating system. The NFS (Network File System) is a server and client application that turn FreeBSD into a file sharing server. Users can upload or update files on a remote NFS server. NFS is standard on NAS (network attached storage) devices or sharing data for web servers. A new bug found in NFS server code which could allow a remote attacker to crash the NFS server, resulting in a denial of service (DoS) attack. Another possibility is to execute arbitrary code on the server.


Multiple vulnerabilities in FreeBSD NFS server code

Multiple vulnerabilities in FreeBSD NFS server code
From the mailing list:

The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were local. FreeBSD includes both server and client implementations of NFS.

Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet.

No workaround is available, but systems that do not provide NFS services are not vulnerable.

Additionally, it is highly recommended the NFS service port (default port number 2049) is protected via a host or network based firewall to prevent arbitrary, untrusted clients from being able to connect.

How to fix FreeBSD NFS vulnerabilities

One can patch FreeBSD using the binary method. All you have to do is type the following two commands as root user:
# uname -mrs
# freebsd-update fetch

freebsd-update to patch nfs server issue detected on Nov 28 2018

Patching FreeBSD Security Advisory FreeBSD-SA-18:13.nfs

Install the updates:
# freebsd-update install
Installing updates... done.

Once patched just reboot the FreeBSD box:
# reboot
# shutdown -r now


After reboot verify that you got a new kernel. You can find out FreeBSD version and patch level number by running the following commands:
# freebsd-version
# uname -mrs

FreeBSD version and patch level
Please note that if you are using a custom kernel, you need to compile a FreeBSD kernel. The freebsd-update based binary method only works if you are using stock FreeBSD kernel.
# svn update /usr/src/
# more /usr/src/UPDATING
# cp -v /usr/src/share/examples/jails/VIMAGE /usr/src/sys/amd64/conf/VIMAGE
# cd /usr/src/
# make -j 16 KERNCONF=VIMAGE kernel
# reboot
# freebsd-verion

For more info see:


It is essential that you apply the patch binary or source code method to fix NFS related security issues. For more info, please see this page.

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

0 comments… add one

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.