fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
References
Configurations
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
Summary | fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior | |
References |
|
|
25 Mar 2021, 13:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html - Mailing List, Third Party Advisory |
09 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jan 2021, 17:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
28 Jan 2021, 21:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 6.5 |
References | (MISC) https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ - Mailing List, Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/ - Mailing List, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 - Mailing List, Patch, Vendor Advisory | |
CWE | CWE-22 |
27 Jan 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-19 07:15
Updated : 2024-04-11 01:12
NVD link : CVE-2021-3178
Mitre link : CVE-2021-3178
CVE.ORG link : CVE-2021-3178
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')