Bug 1181162 - (CVE-2021-3178) VUL-0: DISPUTED: CVE-2021-3178: kernel-source-rt,kernel-source,kernel-source-azure: when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse other parts (fs/nfsd/nfs3xdr.c)
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Minor
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/275778/
CVSSv3.1:SUSE:CVE-2021-3178:5.7:(AV:A...
Reported: 2021-01-20 10:24 UTC by Robert Frohl
Modified: 2021-03-02 15:22 UTC (History)
Found By: Security Response Team
Description Robert Frohl 2021-01-20 10:24:39 UTC
CVE-2021-3178

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there
is an NFS export of a subdirectory of a filesystem, allows remote attackers to
traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties
argue that such a subdirectory export is not intended to prevent this attack;
see also the exports(5) no_subtree_check default behavior.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3178
https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
Comment 1 Robert Frohl 2021-01-20 10:24:56 UTC
opening this so that we have a record
Comment 3 Takashi Iwai 2021-01-21 11:40:27 UTC
Neil, could you check?
Comment 4 Neil Brown 2021-01-21 22:05:14 UTC
I agree that this disputed ... or to put it bluntly: completely misguided.

There is no vulnerability.  The export of subdirectories is documented as providing access to the entire filesystem unless "subtree_check" is specified, and that can cause other problems.

Further, the identified patch makes no change to access at all.  Anything that could be accessed before the patch can equally be accessed after the patch.  The information that it exposes is easily discovered by other paths.

The patch itself is appropriate but of almost zero significance.  I would not backport it to stable kernels myself, but I don't strongly object to doing so.
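Added example, not part of the bug report and not code from the kernel or nfs-utils projects: a small audit script illustrating the point made in the description's NOTE and in comment 4, namely that an export of a subdirectory is documented as giving access to the whole filesystem unless subtree_check is set, and that exports(5) defaults to no_subtree_check. It parses exports(5)-style lines and flags subdirectory exports that lack subtree_check (note that the token must be matched exactly, since "no_subtree_check" contains "subtree_check" as a substring). The exports text and the set of mount points are constructed sample data; a real run would read /etc/exports and /proc/self/mounts instead.

```python
"""Audit exports(5) entries for subdirectory exports relying on no_subtree_check."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    client: str
    reason: str


# Constructed sample exports file (not taken from any real system).
SAMPLE_EXPORTS = """\
# whole-filesystem export: the export root is the mount point itself
/srv/nfs          10.0.0.0/24(rw,sync,no_subtree_check)
# subdirectory of the /srv/nfs filesystem, relying on the default (no_subtree_check)
/srv/nfs/projects 10.0.0.0/24(ro,sync)
# subdirectory with subtree_check enabled
/srv/nfs/public   *(ro,subtree_check)
# subdirectory of /home; one client explicit no_subtree_check, one subtree_check
/home/shared      192.168.1.5(rw,no_subtree_check) 192.168.1.6(ro,subtree_check)
"""

# Constructed set of mount points; in practice parse /proc/self/mounts.
SAMPLE_MOUNTS = {"/", "/srv/nfs", "/home"}

# client spec is "host" or "host(opt,opt,...)"; a missing host means everyone
CLIENT_RE = re.compile(r"^([^(]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Parse exports(5) text into (path, [(client, {options})]) tuples.

    Handles comments and blank lines; quoted paths and backslash
    continuation lines are not supported in this example.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        path, clients = fields[0], []
        for spec in fields[1:]:
            m = CLIENT_RE.match(spec)
            client = m.group(1) or "*"
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            clients.append((client, opts))
        if not clients:
            clients.append(("*", set()))  # no client list: everyone, default options
        entries.append((path, clients))
    return entries


def mount_point_of(path, mounts):
    """Return the longest mount point that contains path."""
    best = "/"
    for m in mounts:
        prefix = m.rstrip("/") + "/"
        if (path == m or path.startswith(prefix)) and len(m) > len(best):
            best = m
    return best


def audit(text, mounts):
    """Flag every (export, client) pair where a subdirectory is exported
    without subtree_check, i.e. where the whole filesystem is reachable."""
    findings = []
    for path, clients in parse_exports(text):
        if mount_point_of(path, mounts) == path:
            continue  # the export is the filesystem root: nothing outside it to reach
        for client, opts in clients:
            if "subtree_check" in opts:  # exact token; "no_subtree_check" does not match
                continue
            mode = ("explicit no_subtree_check" if "no_subtree_check" in opts
                    else "default (no_subtree_check)")
            findings.append(Finding(path, client,
                                    f"subdirectory export with {mode}; "
                                    f"entire filesystem {mount_point_of(path, mounts)} reachable"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORTS, SAMPLE_MOUNTS):
        print(f"{f.path} -> {f.client}: {f.reason}")
```

Whether a flagged entry is a problem is a policy decision rather than a kernel bug, which is the thrust of comment 4: the exports(5) default is documented, and enabling subtree_check carries its own drawbacks, so a site that genuinely needs the boundary should decide deliberately rather than assume the subdirectory path enforces it.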
Comment 5 Takashi Iwai 2021-01-25 14:34:23 UTC
Reassigned back to security team.
Comment 6 Robert Frohl 2021-03-02 15:22:41 UTC
closing