ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0314
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0314)
Resumen:	The remote host is missing an update for the 'cantata' package(s) announced via the MGASA-2018-0314 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cantata' package(s) announced via the MGASA-2018-0314 advisory. Vulnerability Insight: The mount target path check in mounter.cpp 'mpOk()' is insufficient. A regular user can this way mount a CIFS filesystem anywhere, and not just beneath /home by passing relative path components (CVE-2018-12559). Arbitrary unmounts can be performed by regular users the same way (CVE-2018-12560). A regular user can inject additional mount options like file_mode= by manipulating e.g. the domain parameter of the samba URL (CVE-2018-12561). The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards which can also be injected (CVE-2018-12562). To fix these issues, the vulnerable D-Bus service has been removed. Affected Software/OS: 'cantata' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12559 http://www.openwall.com/lists/oss-security/2018/06/18/1 https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 Common Vulnerability Exposure (CVE) ID: CVE-2018-12560 Common Vulnerability Exposure (CVE) ID: CVE-2018-12561 Common Vulnerability Exposure (CVE) ID: CVE-2018-12562
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.