Information disclosure in Kernel Util-linux

CVE-2013-0157

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-…

Vulnerability class: Information Disclosure

EPSS: 0.001 (18.4th percentile) — read the EPSS interpretation.

Affected products

Kernel Util-linux — versions 2.14.1, 2.17.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM)
88953 (x_refsource_OSVDB, vdb-entry)
RHSA-2013:0517 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders (mailing-list, x_refsource_MLIST)
MDVSA-2013:154 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM)