ID CVE-2018-12560 Type cve Reporter NVD Modified 2018-08-10T11:06:35
Description
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
{"nessus": [{"lastseen": "2018-09-05T05:49:31", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-9296823b6c"], "pluginID": "110950", "description": "Latest upstream release, omits some mounting code found to be insecure and not well tested.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2018-07-09T00:00:00", "title": "Fedora 27 : cantata (2018-9296823b6c)", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-05T05:49:31", "vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12561", "CVE-2018-12560", "CVE-2018-12559", "CVE-2018-12562"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cantata", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-9296823B6C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-9296823b6c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110950);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2018-12559\", \"CVE-2018-12560\", \"CVE-2018-12561\", \"CVE-2018-12562\");\n script_xref(name:\"FEDORA\", value:\"2018-9296823b6c\");\n\n script_name(english:\"Fedora 27 : cantata (2018-9296823b6c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest upstream release, omits some mounting code found to be insecure\nand not well tested.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-9296823b6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cantata package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cantata\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"cantata-2.3.1-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cantata\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:37:14", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GKSK32KTXLRRNHWZF5XFWRMJ24A33OSM", "2018-9296823b6c"], "pluginID": "1361412562310874778", "description": "Check the version of cantata", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-07T00:00:00", "title": "Fedora Update for cantata FEDORA-2018-9296823b6c", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:37:14", "vector": "NONE", "value": 6.8}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12561", "CVE-2018-12560", "CVE-2018-12559", "CVE-2018-12562"], "modified": "2018-08-15T00:00:00", "id": "OPENVAS:1361412562310874778", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874778", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9296823b6c_cantata_fc27.nasl 10965 2018-08-15 03:42:43Z ckuersteiner $\n#\n# Fedora Update for cantata FEDORA-2018-9296823b6c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874778\");\n script_version(\"$Revision: 10965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-15 05:42:43 +0200 (Wed, 15 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-07 06:06:11 +0200 (Sat, 07 Jul 2018)\");\n script_cve_id(\"CVE-2018-12562\", \"CVE-2018-12561\", \"CVE-2018-12560\", \"CVE-2018-12559\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cantata FEDORA-2018-9296823b6c\");\n script_tag(name:\"summary\", value:\"Check the version of cantata\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"Cantata is a graphical client for the music player \ndaemon (MPD).\nFeatures:\n* Multiple MPD collections.\n* Highly customisable layout.\n* Songs grouped by album in play queue.\n* Context view to show artist, album, and song information of current track.\n* Simple tag editor.\n* File organizer - use tags to organize files and folders.\n* Ability to calculate ReplyGain tags.\n* Dynamic playlists.\n* Online services Jamendo, Magnatune, SoundCloud, and Podcasts.\n* Radio stream support - with the ability to search for streams via TuneIn\nand ShoutCast.\n* USB-Mass-Storage and MTP device support.\n* Audio CD ripping and playback.\n* Playback of non-MPD songs, via simple in-built HTTP server.\n* MPRISv2 DBUS interface.\n* Support for KDE global shortcuts (KDE builds), GNOME media keys, and generic\nmedia keys (via Qxt support)\n* Ubuntu/ambiance theme integration.\n\");\n script_tag(name:\"affected\", value:\"cantata on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9296823b6c\");\n script_xref(name:\"URL\" , value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GKSK32KTXLRRNHWZF5XFWRMJ24A33OSM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"cantata\", rpm:\"cantata~2.3.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:35", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRPK34PZQUXA4WOTTHRLN4M6QG45WY72", "2018-d1f6c8957f"], "pluginID": "1361412562310874780", "description": "Check the version of cantata", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-07T00:00:00", "title": "Fedora Update for cantata FEDORA-2018-d1f6c8957f", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:37:35", "vector": "NONE", "value": 6.8}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12561", "CVE-2018-12560", "CVE-2018-12559", "CVE-2018-12562"], "modified": "2018-08-15T00:00:00", "id": "OPENVAS:1361412562310874780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d1f6c8957f_cantata_fc28.nasl 10965 2018-08-15 03:42:43Z ckuersteiner $\n#\n# Fedora Update for cantata FEDORA-2018-d1f6c8957f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874780\");\n script_version(\"$Revision: 10965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-15 05:42:43 +0200 (Wed, 15 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-07 06:06:56 +0200 (Sat, 07 Jul 2018)\");\n script_cve_id(\"CVE-2018-12562\", \"CVE-2018-12561\", \"CVE-2018-12560\", \"CVE-2018-12559\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cantata FEDORA-2018-d1f6c8957f\");\n script_tag(name:\"summary\", value:\"Check the version of cantata\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"Cantata is a graphical client for the music \nplayer daemon (MPD).\n\nFeatures:\n* Multiple MPD collections.\n* Highly customisable layout.\n* Songs grouped by album in play queue.\n* Context view to show artist, album, and song information of current track.\n* Simple tag editor.\n* File organizer - use tags to organize files and folders.\n* Ability to calculate ReplyGain tags.\n* Dynamic playlists.\n* Online services Jamendo, Magnatune, SoundCloud, and Podcasts.\n* Radio stream support - with the ability to search for streams via TuneIn\nand ShoutCast.\n* USB-Mass-Storage and MTP device support.\n* Audio CD ripping and playback.\n* Playback of non-MPD songs, via simple in-built HTTP server.\n* MPRISv2 DBUS interface.\n* Support for KDE global shortcuts (KDE builds), GNOME media keys, and generic\nmedia keys (via Qxt support)\n* Ubuntu/ambiance theme integration.\n\");\n script_tag(name:\"affected\", value:\"cantata on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d1f6c8957f\");\n script_xref(name:\"URL\" , value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRPK34PZQUXA4WOTTHRLN4M6QG45WY72\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"cantata\", rpm:\"cantata~2.3.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
