4 matches found
Code injection
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
CVE-2018-12562
Cantata (Cantata mounter D-Bus service) up to version 2.3.1 is affected by CVE-2018-12562 due to the wrapper script mount.cifs.wrapper using the shell to forward arguments to mount.cifs, allowing wildcard expansion and potential argument manipulation. The Mageia advisory notes this alongside CVEs...