Improper access control in zfs - CVE-2013-20001

 

Published: November 27, 2023


Vulnerability identifier: #VU83503
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-20001
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: zfs
Software vendor: openzfs

Description

The vulnerability allows a remote attacker to gain unauthorized access to the network share.

The vulnerability exists due to improper validation of IPv6 addresses when an NFS share is exported to an IPv6 address via the sharenfs feature. As a result, the configured access restrictions are not applied. A remote attacker can connect to the share and gain access to files.
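One way to check whether the IPv6 restrictions set in sharenfs are actually in effect on a host, as an added example that is not part of the advisory or of OpenZFS. It assumes a Linux NFS server and takes the text output of `zfs get -H -o name,property,value sharenfs,mountpoint` and `exportfs -v`. The sample input and the sharenfs value syntax in it are constructed.

```python
import ipaddress
import re

TOKEN = re.compile(r"[0-9A-Fa-f:]+(?:/\d{1,3})?")  # candidate address[/prefix]

def ipv6_networks(text):
    """Return the set of valid IPv6 networks mentioned anywhere in text."""
    nets = set()
    for tok in TOKEN.findall(text):
        if tok.count(":") < 2:
            continue  # not an IPv6 literal (hex-looking word, IPv4 octet)
        try:
            nets.add(ipaddress.IPv6Network(tok, strict=False))
        except ValueError:
            pass  # colon-separated text that is not an address
    return nets

def effective_clients(exportfs_v):
    """Map export path -> list of client specs from `exportfs -v` text."""
    clients, path = {}, None
    for line in exportfs_v.splitlines():
        fields = line.split()
        if fields and not line[0].isspace():
            path = fields.pop(0)  # long paths put clients on the next line
        for field in fields:
            clients.setdefault(path, []).append(field.split("(", 1)[0])
    return clients

def audit(zfs_get, exportfs_v):
    """Return (dataset, finding) pairs where IPv6 limits are not in effect."""
    props = {}
    for line in filter(str.strip, zfs_get.splitlines()):
        name, prop, value = line.split("\t")[:3]
        props.setdefault(name, {})[prop] = value
    exported, findings = effective_clients(exportfs_v), []
    for name, p in sorted(props.items()):
        wanted = ipv6_networks(p.get("sharenfs", ""))
        if not wanted:
            continue  # no IPv6 restriction configured on this dataset
        actual = exported.get(p.get("mountpoint"), [])
        if any(c in ("*", "<world>") for c in actual):
            findings.append((name, "exported to everyone"))
        elif ipv6_networks(" ".join(actual)) != wanted:
            findings.append((name, "IPv6 clients differ from sharenfs"))
    return findings

# Constructed sample input; the sharenfs value syntax is an assumption.
ZFS_GET = ("tank/a\tsharenfs\trw=@2001:db8:1::/64\ntank/a\tmountpoint\t/tank/a\n"
           "tank/b\tsharenfs\trw=@2001:db8:2::/64\ntank/b\tmountpoint\t/tank/b\n")
EXPORTFS_V = "/tank/a\t<world>(rw,sec=sys)\n/tank/b\t2001:db8:2::/64(rw,sec=sys)\n"
```

With the sample data, `audit(ZFS_GET, EXPORTFS_V)` reports `tank/a`, whose sharenfs names an IPv6 network while the effective export is open to every client.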


Remediation

Install updates from the vendor's website.
