WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the system function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Davfs2 | Werner_baumann | 1.4.6 (including) | 1.4.6 (including) |
| Davfs2 | Werner_baumann | 1.4.7 (including) | 1.4.7 (including) |
| Davfs2 | Ubuntu | artful | * |
| Davfs2 | Ubuntu | lucid | * |
| Davfs2 | Ubuntu | precise | * |
| Davfs2 | Ubuntu | quantal | * |
| Davfs2 | Ubuntu | raring | * |
| Davfs2 | Ubuntu | saucy | * |
| Davfs2 | Ubuntu | upstream | * |
| Davfs2 | Ubuntu | utopic | * |
| Davfs2 | Ubuntu | vivid | * |
| Davfs2 | Ubuntu | wily | * |
| Davfs2 | Ubuntu | yakkety | * |
| Davfs2 | Ubuntu | zesty | * |
References
- http://osvdb.org/97416
- http://osvdb.org/97417
- http://savannah.nongnu.org/bugs/?40034
- http://seclists.org/oss-sec/2013/q3/627
- http://www.debian.org/security/2013/dsa-2765
- http://www.securityfocus.com/bid/62445
- https://security.gentoo.org/glsa/201612-02
- http://osvdb.org/97416
- http://osvdb.org/97417
- http://savannah.nongnu.org/bugs/?40034
- http://seclists.org/oss-sec/2013/q3/627
- http://www.debian.org/security/2013/dsa-2765
- http://www.securityfocus.com/bid/62445
- https://security.gentoo.org/glsa/201612-02