fs/nfsd/nfs3xdr.c in the Linux kernel up to and including 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote malicious users to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
fedoraproject fedora 33 |
||
debian debian linux 9.0 |