When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
History

Fri, 16 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:freebsd:freebsd:13.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:*:*:*:*:*:*:*
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*

Mon, 12 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Freebsd
Freebsd freebsd
Weaknesses CWE-22
CPEs cpe:2.3:o:freebsd:freebsd:13.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:*:*:*:*:*:*:*
Vendors & Products Freebsd
Freebsd freebsd
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 11 Aug 2024 03:00:00 +0000

Type Values Removed Values Added
Description When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
Title NFS client accepts file names containing path separators
References

cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2024-08-11T02:45:15.024Z

Updated: 2024-08-16T17:02:45.727Z

Reserved: 2024-07-15T14:18:19.971Z

Link: CVE-2024-6759

cve-icon Vulnrichment

Updated: 2024-08-16T17:02:45.727Z

cve-icon NVD

Status : Modified

Published: 2024-08-12T13:38:40.380

Modified: 2024-11-21T09:50:15.657

Link: CVE-2024-6759

cve-icon Redhat

No data.