Lucene search
Gentoo FoundationMGASA-2018-0314HistoryJul 13, 2018 - 10:01 p.m.
Updated cantata packages fix security vulnerability
2018-07-1322:01:19
Gentoo Foundation
advisories.mageia.org
8
0.002 Low
EPSS
Percentile
60.6%
The mount target path check in mounter.cpp ‘mpOk()’ is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components (CVE-2018-12559). Arbitrary unmounts can be performed by regular users the same way (CVE-2018-12560). A regular user can inject additional mount options like file_mode= by manipulating e.g. the domain parameter of the samba URL (CVE-2018-12561). The wrapper script ‘mount.cifs.wrapper’ uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards which can also be injected (CVE-2018-12562). To fix these issues, the vulnerable D-Bus service has been removed.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | cantata | < 2.0.1-5.1 | cantata-2.0.1-5.1.mga6 |
Related
fedora
fedora
[SECURITY] Fedora 27 Update: cantata-2.3.1-1.fc27
2018-07-06 15:46:11
[SECURITY] Fedora 28 Update: cantata-2.3.1-1.fc28
2018-07-06 16:45:19
openvas
openvas
Fedora Update for cantata FEDORA-2018-9296823b6c
2018-07-07 00:00:00
Fedora Update for cantata FEDORA-2018-d1f6c8957f
2018-07-07 00:00:00
Mageia: Security Advisory (MGASA-2018-0314)
2022-01-28 00:00:00
nessus
nessus
Fedora 28 : cantata (2018-d1f6c8957f)
2019-01-03 00:00:00
Fedora 27 : cantata (2018-9296823b6c)
2018-07-09 00:00:00
archlinux
archlinux
[ASA-201806-12] cantata: multiple issues
2018-06-20 00:00:00
ubuntucve
ubuntucve
osv
osv
prion
prion
Design/Logic Flaw
2018-06-19 05:29:00
Directory traversal
2018-06-19 05:29:00
Directory traversal
2018-06-19 05:29:00
redhatcve
redhatcve
CVE-2018-12560
2022-05-21 00:05:29
cvelist
cvelist
cve
cve
debiancve
debiancve