CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:37

Type Values Removed Values Added
Summary ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
References
  • {'url': 'https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/', 'name': 'https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/', 'name': 'FEDORA-2021-3bcc7198c8', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/ -
  • () https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/ -

25 Mar 2021, 13:54

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html - Mailing List, Third Party Advisory

09 Mar 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html -

29 Jan 2021, 17:22

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

28 Jan 2021, 21:02

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.5
v3 : 6.5
References (MISC) https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ - (MISC) https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ - Mailing List, Patch, Vendor Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/ - Mailing List, Third Party Advisory
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 - Mailing List, Patch, Vendor Advisory
CWE CWE-22

27 Jan 2021, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/ -

20 Jan 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 -

19 Jan 2021, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-01-19 07:15

Updated : 2024-05-17 02:00


NVD link : CVE-2021-3178

Mitre link : CVE-2021-3178

CVE.ORG link : CVE-2021-3178


JSON object : View

Products Affected

fedoraproject

  • fedora

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')