CVE-2006-0900
published 2006-02-27

CVE-2006-0900: nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.

Priority: P341, high, 7.8 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 64.37% (99.1th percentile)

Affected

1 range
Vendor | Product | Version range | Fixed in
freebsd | freebsd | |

Detection & IOCs (extracted from sources)

port: 2049/tcp
bytes:
\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xa5\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x2f\x74\x6d\x70
  • Trigger condition is a TCP NFS RPC message to port 2049 with a zero-length payload, causing a NULL pointer dereference and kernel panic in nfsd.
  • The exploit payload targets RPC program number 0x000186a5 (NFS mountd, decimal 100005) over TCP port 2049; monitor for crafted RPC MOUNT requests with this program number and zero-length or malformed payloads.
  • The kernel will only process the malicious RPC messages if a userland nfsd daemon is running; detection should confirm nfsd is active on the target.
  • The vulnerability is only exploitable when the NFS server is enabled and the nfsd daemon is running; disabling the NFS server (nfs_server_enable=NO in /etc/rc.conf) or killing the mountd/nfsd processes mitigates the risk.
  • Firewall rules blocking RPC traffic to the NFS server from untrusted hosts serve as an effective network-level workaround.
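
The monitoring conditions in the notes above, written as a detection check. This is an added example, not code from the advisory or from FreeBSD. It assumes the client-to-server TCP stream has already been reassembled, parses the standard ONC RPC record mark (RFC 5531), and uses hypothetical function names and constructed sample streams.

```python
import struct

NFS_PORT = 2049          # port named on this page
MOUNT_PROG = 0x000186A5  # 100005, program number named on this page
LAST_FRAG = 0x80000000   # RFC 5531 record mark: top bit = last fragment

def check_call(record):
    """Inspect one reassembled RPC record (call header is 6 big-endian uint32)."""
    if not record:
        return []  # already reported as a zero-length fragment
    if len(record) < 24:
        return [f"RPC record of {len(record)} bytes is shorter than a call header"]
    _xid, mtype, _rpcvers, prog, _vers, proc = struct.unpack_from(">6I", record)
    if mtype == 0 and prog == MOUNT_PROG:  # msg_type 0 = CALL
        return [f"MOUNT program call (proc {proc}) sent to port {NFS_PORT}"]
    return []

def inspect_stream(data, dst_port=NFS_PORT):
    """Walk the record marks of one client-to-server TCP stream; return alerts."""
    alerts, record, off = [], b"", 0
    if dst_port != NFS_PORT:
        return alerts
    while off + 4 <= len(data):
        (mark,) = struct.unpack_from(">I", data, off)
        length = mark & 0x7FFFFFFF
        if length == 0:
            alerts.append(f"zero-length RPC fragment at offset {off}")
        if off + 4 + length > len(data):
            alerts.append(f"fragment at offset {off} runs past captured data")
            break
        record += data[off + 4:off + 4 + length]
        off += 4 + length
        if mark & LAST_FRAG:
            alerts += check_call(record)
            record = b""
    return alerts

def rpc_call(prog, vers, proc):
    """Constructed sample: minimal RPC call, AUTH_NONE credential and verifier."""
    body = struct.pack(">10I", 1, 0, 2, prog, vers, proc, 0, 0, 0, 0)
    return struct.pack(">I", LAST_FRAG | len(body)) + body

# Constructed sample streams (not captured traffic)
BENIGN_NFS_NULL = rpc_call(100003, 3, 0)
MOUNT_ON_NFS_PORT = rpc_call(MOUNT_PROG, 1, 0)
EMPTY_RECORD = struct.pack(">I", LAST_FRAG)

if __name__ == "__main__":
    for name in ("BENIGN_NFS_NULL", "MOUNT_ON_NFS_PORT", "EMPTY_RECORD"):
        print(name, inspect_stream(globals()[name]))
```

An alert from this check matters only on hosts where nfsd is actually running, per the note above, so pair it with an inventory of NFS servers.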