ALT-PU-2021-1089-1
Package kernel-image-un-def updated to version 5.10.9-alt1 for branch sisyphus in task 264932.
Closed vulnerabilities
Published: 2021-01-12
BDU:2021-02592
Уязвимость компонента fs/nfsd/nfs3xdr.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2021-01-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-3178
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
References:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-3bcc7198c8
- FEDORA-2021-3bcc7198c8
- https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/
- https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652%40fieldses.org/