Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2013-4362 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | davfs2 (Other software / Other software solutions) |
Vendor | savannah.nongnu.org |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU42514
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-4362
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
Mitigation
Install update from vendor's website.
Vulnerable software versions
davfs2: 1.4.6 - 1.4.7
External links
http://osvdb.org/97416
http://osvdb.org/97417
http://savannah.nongnu.org/bugs/?40034
http://seclists.org/oss-sec/2013/q3/627
http://www.debian.org/security/2013/dsa-2765
http://www.securityfocus.com/bid/62445
http://security.gentoo.org/glsa/201612-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.