Problem Description:
When mounting a remote filesystem using NFS, the kernel did not
sanitize remotely provided filenames for the path separator character,
"/". This allows readdir(3) and related functions to return
filesystem entries with names containing additional path components.
Impact:
The lack of validation described above gives rise to a confused
deputy problem. For example, a program copying files from an NFS
mount could be tricked into copying from outside the intended source
directory, and/or to a location outside the intended destination
directory.