| Summary: | <net-fs/davfs2-1.5.2: insecure use of system() (CVE-2013-4362) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | christian.tietz, cyberbat83, gokturk, net-fs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1008313 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 564592 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-09-17 19:23:49 UTC
Patch available upstream at http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=24;filename=davfs2-1.4.6-system-2.diff;att=1;bug=723034

CVE-2013-4362 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4362): WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.

A public exploit is available: http://www.1337day.com/exploit/21355

upstream released version 1.5.0 fixing this issue.

The fix is in version: Fixed in versions davfs2/1.4.7-3, davfs2/1.4.6-1.1+deb7u1

Since we have 1.4.7, it would be recommended to ebuild and stable for 1.4.7-3.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034

Maintainers, please confirm if version 1.4.5-r1 is vulnerable, based on all the text and discussion it does not look like it is.

(In reply to cyberbat from comment #4)
> upstream released version 1.5.0 fixing this issue.

Upstream bug: https://savannah.nongnu.org/bugs/?40034

There is a stabilization bug open for the version 1.5.0 which fixes the vulnerability: bug 564592.

*** Bug 564592 has been marked as a duplicate of this bug. ***

Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.

Gokturk Yuksek's PR has been merged and vulnerable versions are now purged from the tree. https://github.com/gentoo/gentoo/pull/446

This issue was resolved and addressed in GLSA 201612-02 at https://security.gentoo.org/glsa/201612-02 by GLSA coordinator Aaron Bauman (b-man).