CVE-2018-12562

Severity: High
Remote: No
Type: Access restriction bypass
Description
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward its arguments to the actual mount.cifs binary. The shell evaluates wildcards in those arguments (for example, in an injected string:/home/../tmp/* argument).
Group    Package  Affected  Fixed    Severity  Status  Ticket
AVG-721  cantata  2.3.1-1   2.3.1-2  High      Fixed
Date         Advisory       Group    Package  Severity  Type
20 Jun 2018  ASA-201806-12  AVG-721  cantata  High      multiple issues
References
https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
http://www.openwall.com/lists/oss-security/2018/06/18/1