FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-07 16:55:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c02b8db5-771b-11ef-9a62-002590c1f29c	FreeBSD -- NFS client accepts file names containing path separators Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. Impact: The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory. Discovery 2024-08-07 Entry 2024-09-20 FreeBSD-kernel >= 14.1 lt 14.1_3 >= 14.0 lt 14.0_9 >= 13.3 lt 13.3_5 CVE-2024-6759 SA-24:07.nfsclient

VuXML ID

Description

c02b8db5-771b-11ef-9a62-002590c1f29c

FreeBSD -- NFS client accepts file names containing path separators

Problem Description:

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.

Impact:

The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.

Discovery 2024-08-07
Entry 2024-09-20
FreeBSD-kernel

>= 14.1 lt 14.1_3

>= 14.0 lt 14.0_9

>= 13.3 lt 13.3_5

CVE-2024-6759
SA-24:07.nfsclient