Computer Security
[EN] securityvulns.ru no-pyccku


util-linux / mount information leakage
Published:04.05.2013
Source:
SecurityVulns ID:13047
Type:local
Threat Level:
4/10
Description:It's possible to check file existance.
Affected:LINUX : util-linux 2.21
CVE:CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.)
 CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:154 ] util-linux (04.05.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod