Unrated severityNVD Advisory· Published Aug 11, 2024· Updated Aug 16, 2024
NFS client accepts file names containing path separators
CVE-2024-6759
Description
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.
The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.ascmitrevendor-advisory
News mentions
0No linked articles in our index yet.