Census Labs have discovered two improper input validation vulnerabilities in the FreeBSD kernel's NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.
7bd9d69552b70351a19fbe5774c1749a4db9386e89b78adad0dde849ae2ec339
Local kernel exploit for nfs_mount() on FreeBSD versions 8.0, 7.3 and 7.2. It escalates privileges on versions 7.2 and 7.3 and causes a denial of service on 8.0.
92298b6c7ebbb8ffd472450225e595757b19ebf2c26e89e268dc728e7a3e68b3
FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.
70736852d69a5ba3339928319cc037983dc3817d723837db593e3435317fcb66