Published: 21/01/2014 Updated: 22/01/2014

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kernel util-linux 2.14.1
kernel util-linux 2.17.2

Synopsis Low: util-linux-ng security, bug fix and enhancement update Type/Severity Security Advisory: Low Topic Updated util-linux-ng packages that fix one security issue, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 6The Red Hat Security Response Team has rated t ...

Debian Bug report logs - #697464 CVE-2013-0157: mount/umount leak information about existence of folders Package: mount; Maintainer for mount is LaMont Jones <lamont@debianorg>; Source for mount is src:util-linux (PTS, buildd, popcon) Reported by: Jann Horn <jannhorn@googlemailcom> Date: Sat, 5 Jan 2013 16:24:01 U ...

CWE-200 http://bugs.debian.org/697464 http://marc.info/?l=oss-security&m=135749410312247&w=2 http://rhn.redhat.com/errata/RHSA-2013-0517.html http://osvdb.org/88953 http://www.mandriva.com/security/advisories?name=MDVSA-2013:154 https://bugzilla.redhat.com/show_bug.cgi?id=892330 https://access.redhat.com/errata/RHSA-2013:0517 https://nvd.nist.gov

CVE-2013-0157

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect