CVE-2024-39916

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88
https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-12 15:15

Updated : 2024-07-12 16:34

NVD link : CVE-2024-39916

Mitre link : CVE-2024-39916

CVE.ORG link : CVE-2024-39916

JSON object : View

Products Affected

No product.

CWE

CWE-453

Insecure Default Variable Initialization

{"id": "CVE-2024-39916", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}]}, "published": "2024-07-12T15:15:11.813", "references": [{"url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "source": "security-advisories@github.com"}, {"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-453"}]}], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30."}, {"lang": "es", "value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Existe un problema de seguridad con la configuraci\u00f3n de NFS en /etc/exports generada por el instalador que permite a un atacante modificar archivos fuera de la exportaci\u00f3n en la instalaci\u00f3n predeterminada. Las exportaciones tienen la opci\u00f3n no_subtree_check. La opci\u00f3n no_subtree_check significa que si un cliente realiza una operaci\u00f3n de archivo, el servidor solo verificar\u00e1 si el archivo solicitado est\u00e1 en el sistema de archivos correcto, no si est\u00e1 en el directorio correcto. Esto permite modificar archivos en /images, acceder a otros archivos en el mismo sistema de archivos y acceder a archivos en otros sistemas de archivos. Esta vulnerabilidad se solucion\u00f3 en 1.5.10.30."}], "lastModified": "2024-07-12T16:34:58.687", "sourceIdentifier": "security-advisories@github.com"}