logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-12559

Description

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.


Affected Package


OS OS Version Package Name Package Version
Debian 12 cantata 2.5.0.ds1-1
Debian 11 cantata 2.4.2.ds1-1
Debian 10 cantata 2.3.3.ds1-1
Debian 999 cantata 2.5.0.ds1-1

Related