Executive Summary

Informations
Name CVE-2013-0157 First vendor Publication 2014-01-21
Vendor Cve Last vendor Modification 2014-01-22

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0157

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21076
 
Oval ID: oval:org.mitre.oval:def:21076
Title: RHSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low)
Description: (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
Family: unix Class: patch
Reference(s): RHSA-2013:0517-02
CESA-2013:0517
CVE-2013-0157
 Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): util-linux-ng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23653
 
Oval ID: oval:org.mitre.oval:def:23653
Title: ELSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low)
Description: (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
Family: unix Class: patch
Reference(s): ELSA-2013:0517-02
CVE-2013-0157
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): util-linux-ng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27272
 
Oval ID: oval:org.mitre.oval:def:27272
Title: DEPRECATED: ELSA-2013-0517 -- util-linux-ng security, bug fix and enhancement update (low)
Description: [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage
Family: unix Class: patch
Reference(s): ELSA-2013-0517
CVE-2013-0157
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): util-linux-ng
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Nessus® Vulnerability Scanner

Date Description
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0579.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-15.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0517.nasl - Type : ACT_GATHER_INFO
2013-04-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-154.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0517.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_util_linux_ng_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0517.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://bugs.debian.org/697464
https://bugzilla.redhat.com/show_bug.cgi?id=892330
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:154
MLIST http://marc.info/?l=oss-security&m=135749410312247&w=2
OSVDB http://osvdb.org/88953
REDHAT http://rhn.redhat.com/errata/RHSA-2013-0517.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Date Informations
2024-02-02 01:21:35
  • Multiple Updates
2024-02-01 12:06:19
  • Multiple Updates
2023-09-05 12:20:24
  • Multiple Updates
2023-09-05 01:06:14
  • Multiple Updates
2023-09-02 12:20:25
  • Multiple Updates
2023-09-02 01:06:19
  • Multiple Updates
2023-08-12 12:24:26
  • Multiple Updates
2023-08-12 01:06:21
  • Multiple Updates
2023-08-11 12:20:34
  • Multiple Updates
2023-08-11 01:06:31
  • Multiple Updates
2023-08-06 12:19:47
  • Multiple Updates
2023-08-06 01:06:21
  • Multiple Updates
2023-08-04 12:19:51
  • Multiple Updates
2023-08-04 01:06:24
  • Multiple Updates
2023-07-14 12:19:49
  • Multiple Updates
2023-07-14 01:06:18
  • Multiple Updates
2023-03-29 01:21:48
  • Multiple Updates
2023-03-28 12:06:26
  • Multiple Updates
2022-10-11 12:17:43
  • Multiple Updates
2022-10-11 01:06:01
  • Multiple Updates
2021-05-04 12:23:14
  • Multiple Updates
2021-04-22 01:27:46
  • Multiple Updates
2020-05-23 00:35:39
  • Multiple Updates
2016-06-28 19:15:03
  • Multiple Updates
2014-11-08 13:30:27
  • Multiple Updates
2014-05-20 13:23:14
  • Multiple Updates
2014-02-17 11:15:18
  • Multiple Updates
2014-01-23 00:18:55
  • Multiple Updates
2014-01-21 21:21:08
  • First insertion