vulnerability
FreeBSD: VID-c02b8db5-771b-11ef-9a62-002590c1f29c (CVE-2024-6759): FreeBSD -- NFS client accepts file names containing path separators
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 20, 2024 | Sep 22, 2024 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 20, 2024
Added
Sep 22, 2024
Modified
Dec 10, 2025
Description
Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. Impact: The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
Solutions
freebsd-upgrade-base-14_1-release-p3freebsd-upgrade-base-14_0-release-p9freebsd-upgrade-base-13_3-release-p5
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.