When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.
The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Aug 2024, 15:08
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.asc - Vendor Advisory | |
First Time |
Freebsd
Freebsd freebsd |
|
CPE | cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* |
12 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-22 |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-11-21 09:50
NVD link : CVE-2024-6759
Mitre link : CVE-2024-6759
CVE.ORG link : CVE-2024-6759
JSON object : View
Products Affected
freebsd
- freebsd
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')