Description
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Lorenzo Cantoni · textlocallinux
https://www.exploit-db.com/exploits/28806
nomisec
WORKING POC
2 stars
by notclement · poc
https://github.com/notclement/Automatic-davfs2-1.4.6-1.4.7-Local-Privilege-Escalation
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2765
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/97417
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/97416
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-02
Patch mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/627
Patch x_refsource_confirm
http://savannah.nongnu.org/bugs/?40034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62445
Scores
EPSS
0.0081
EPSS Percentile
74.3%
Details
CWE
CWE-264
Status
published
Products (2)
werner_baumann/davfs2
1.4.6
werner_baumann/davfs2
1.4.7
Published
Sep 30, 2013
Tracked Since
Feb 18, 2026