{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-21T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/697464"}, {"name": "88953", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/88953"}, {"name": "RHSA-2013:0517", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0517.html"}, {"name": "[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=135749410312247&w=2"}, {"name": "MDVSA-2013:154", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.475Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/697464"}, {"name": "88953", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/88953"}, {"name": "RHSA-2013:0517", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0517.html"}, {"name": "[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=135749410312247&w=2"}, {"name": "MDVSA-2013:154", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0157", "datePublished": "2014-01-21T18:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.475Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kernel:util-linux:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E649C864-64A2-46A1-8D11-C2B5AE0122B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kernel:util-linux:2.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "21667158-8A4D-4EF8-9E96-E35B4885480B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists."}, {"lang": "es", "value": "(a) mount y (b) unmount en util-linux 2.14.1, 2.17.2, y probablemente otras versiones permite a usuarios locales determinar la existencia de directorios restringidos mediante (1) el uso de la opci\u00f3n de comando --guess-fstype command-line o (2) intentar montar un dispositivo inexistente, lo que genera diferentes mensajes de error dependiendo de si el directorio existe."}], "id": "CVE-2013-0157", "lastModified": "2024-11-21T01:46:57.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-21T18:55:09.007", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/697464"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=135749410312247&w=2"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/88953"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0517.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/697464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=135749410312247&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88953"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0517.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0517", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "util-linux-ng-0:2.17.2-12.9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}], "bugzilla": {"description": "util-linux: mount folder existence information disclosure", "id": "892330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists."], "name": "CVE-2013-0157", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "util-linux", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "util-linux", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-01-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0157\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0157"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}