CVE-2021-3178

Description

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
• v2.0•MEDIUM•Score: 5.5AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.18%• Percentile: 39%

Techniques & Countermeasures

• CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Affected Systems

• debian•debian_linux

  9.0

• fedoraproject•fedora

  33

• linux•linux_kernel

  ≤ 5.10.8

References (4)

• https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/
• https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html