Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2013-4362

Published: 30/09/2013 Updated: 01/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.

Vulnerable Product Search on Vulmon Subscribe to Product

werner baumann davfs2 1.4.6

werner baumann davfs2 1.4.7

Vendor Advisories

Debian CVElist Bug Report Logs: davfs2: CVE-2013-4362: Unsecure use of system()
Debian Bug report logs - #723034 davfs2: CVE-2013-4362: Unsecure use of system() Package: davfs2; Maintainer for davfs2 is Luciano Bello <luciano@debianorg>; Source for davfs2 is src:davfs2 (PTS, buildd, popcon) Reported by: Werner Baumann <wernerbaumann@onlinehomede> Date: Sun, 15 Sep 2013 16:33:02 UTC Severity: ...
Debian Security Advisories: DSA-2765-1 davfs2 -- privilege escalation
Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root This might allow a privilege escalation For the oldstable distribution (squeeze), this problem has been fixed in version 146-11+squeeze1 For the stable distribution (wheezy), this problem has been fixed in version 146-11+deb7u1 For the test ...

Exploits

Exploit DB: davfs2 1.4.6/1.4.7 - Local Privilege Escalation
davfs2 146/147 local privilege escalation exploit *Bug Description*: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition The bug is well documented at bugsdebianorg/cgi-bin/bugreportcgi?bug=723034 Basically the program "mountdavfs" runs as root with setuid and executes some calls t ...

Github Repositories

https://github.com/notclement/Automatic-davfs2-1.4.6-1.4.7-Local-Privilege-Escalation

Automatically exploit systems with vulnerable davfs2 (CVE-2013-4362)

Automatic-davfs2-146-147-Local-Privilege-Escalation Automatically exploit systems with vulnerable davfs2 (CVE-2013-4362) WHAT IS THIS FOR? Just two sh scripts to simplify the exploitation davfs2 with vulnerable versions Prerequisites At least one of the module 'fuse' or 'coda' must not be loaded into the kernel (The PoC works with coda which is not loa

References

CWE-264http://osvdb.org/97416http://savannah.nongnu.org/bugs/?40034http://osvdb.org/97417http://www.debian.org/security/2013/dsa-2765http://seclists.org/oss-sec/2013/q3/627http://www.securityfocus.com/bid/62445https://security.gentoo.org/glsa/201612-02https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034https://github.com/notclement/Automatic-davfs2-1.4.6-1.4.7-Local-Privilege-Escalationhttps://www.exploit-db.com/exploits/28806/https://www.debian.org/security/./dsa-2765
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995CVE-2024-36680CVE-2024-35537unauthorizedCVE-2024-21518CVE-2024-37673cross-site scriptingSSRFCVE-2024-6241
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook