QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3178

Published: Jan 19, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6

x_refsource_MISC

FEDORA-2021-3bcc7198c8

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.