CVE Vulnerability

CVE-2018-12562

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 Patch Technical Description
http://www.openwall.com/lists/oss-security/2018/06/18/1 Mailing List Technical Description
Configurations

Configuration 1

cpe:2.3:a:cantata_project:cantata:*:*:*:*:*:*:*:*
Information

Published : 2018-06-19 05:29

Updated : 2018-08-10 06:05

NVD link : CVE-2018-12562

Mitre link : CVE-2018-12562

Products Affected
No products.
CWE
CWE-20