CVE-2024-6759

12.08.2024, 13:38

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/".  This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.

The lack of validation described above gives rise to a confused deputy problem.  For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
freebsd	CNA	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vendor	Product	Version
freebsd	freebsd	𝑥 < 13.0
freebsd	freebsd	13.1 ≤ 𝑥 < 13.3
freebsd	freebsd	13.3:p1
freebsd	freebsd	13.3:p2
freebsd	freebsd	13.3:p3
freebsd	freebsd	13.3:p4
freebsd	freebsd	14.0:beta5
freebsd	freebsd	14.0:p1
freebsd	freebsd	14.0:p2
freebsd	freebsd	14.0:p3
freebsd	freebsd	14.0:p4
freebsd	freebsd	14.0:p5
freebsd	freebsd	14.0:p6
freebsd	freebsd	14.0:p7
freebsd	freebsd	14.0:p8
freebsd	freebsd	14.0:rc3
freebsd	freebsd	14.0:rc4-p1
freebsd	freebsd	14.1:p1
freebsd	freebsd	14.1:p2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.asc

https://security.netapp.com/advisory/ntap-20240816-0009/