MGASA-2018-0314

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0314.html

Import Source

https://advisories.mageia.org/MGASA-2018-0314.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0314

Related

Published

2018-07-13T19:01:19Z

Modified

2018-07-13T18:41:55Z

Summary

Updated cantata packages fix security vulnerability

Details

The mount target path check in mounter.cpp 'mpOk()' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components (CVE-2018-12559).

Arbitrary unmounts can be performed by regular users the same way (CVE-2018-12560).

A regular user can inject additional mount options like file_mode= by manipulating e.g. the domain parameter of the samba URL (CVE-2018-12561).

The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards which can also be injected (CVE-2018-12562).

To fix these issues, the vulnerable D-Bus service has been removed.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / cantata

Package

Name: cantata
Purl: pkg:rpm/mageia/cantata?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1-5.1.mga6

Ecosystem specific

{
    "section": "core"
}