Gentoo FoundationMGASA-2018-0314Updated cantata packages fix security vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.4%
The mount target path check in mounter.cpp ‘mpOk()’ is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components (CVE-2018-12559). Arbitrary unmounts can be performed by regular users the same way (CVE-2018-12560). A regular user can inject additional mount options like file_mode= by manipulating e.g. the domain parameter of the samba URL (CVE-2018-12561). The wrapper script ‘mount.cifs.wrapper’ uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards which can also be injected (CVE-2018-12562). To fix these issues, the vulnerable D-Bus service has been removed.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | cantata | < 2.0.1-5.1 | cantata-2.0.1-5.1.mga6 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.4%