An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-19T05:00:00
Updated: 2024-08-05T08:38:06.318Z
Reserved: 2018-06-19T00:00:00
Link: CVE-2018-12562
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-19T05:29:00.450
Modified: 2024-11-21T03:45:26.700
Link: CVE-2018-12562
Redhat
No data.