AVG-721

Package cantata
Status Fixed
Severity High
Type multiple issues
Affected 2.3.1-1
Fixed 2.3.1-2
Current 2.3.3-1 [community]
Ticket None
Created Tue Jun 19 21:46:12 2018
Issue Severity Remote Type Description
CVE-2018-12562 High No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the...
CVE-2018-12561 Medium No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode=...
CVE-2018-12560 Medium No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory...
CVE-2018-12559 High No Privilege escalation
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient....
Date Advisory Package Description
20 Jun 2018 ASA-201806-12 cantata multiple issues