An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards in those arguments (for example, in an injected string:/home/../tmp/* argument).
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2018/06/18/1 | Mailing List Technical Description |
https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 | Patch Technical Description |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-19T05:00:00
Updated: 2018-06-19T05:57:01
Reserved: 2018-06-19T00:00:00
Link: CVE-2018-12562
NVD Information
Status: Analyzed
Published: 2018-06-19T05:29:00.450
Modified: 2018-08-10T18:05:12.223
Link: CVE-2018-12562