FS#37002 - [davfs2] security patch for CVE-2013-4362

Attached to Project: Arch Linux
Opened by RbN (RbN) - Friday, 20 September 2013, 17:42 GMT
Last edited by Thomas Bächler (brain0) - Monday, 13 January 2014, 22:04 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Thomas Bächler (brain0)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Insecure use of system().
Exploitation of this bug is very easy and can lead to a privilege escalation.

CVE attribution [1]
Debian bugtracker [2]

Resolution:
patch provided by upstream [3]

[1] http://www.openwall.com/lists/oss-security/2013/09/17/7
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034
[3] http://savannah.nongnu.org/bugs/download.php?file_id=29142
This task depends upon

Closed by  Thomas Bächler (brain0)
Monday, 13 January 2014, 22:04 GMT
Reason for closing:  Fixed
Comment by RbN (RbN) - Thursday, 10 October 2013, 20:21 GMT
Exploits are available on the internet, please consider correcting it :)
Comment by RbN (RbN) - Monday, 13 January 2014, 21:36 GMT
More exploits available ....
