logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-12559

Description

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. #### Bugs * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798>


Affected Package


OS OS Version Package Name Package Version
ubuntu 14.04 cantata any
ubuntu upstream cantata 2.3.0.ds1-2

Related