CVE-2013-4362

davfs2 1.4.6-1.4.7 - Privilege Escalation via System Function in kernel_interface.c and mount_davfs.c

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4362. PoCs published by Lorenzo Cantoni, notclement.

AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in davfs2 (CVE-2013-4362) by manipulating the MODPROBE_OPTIONS environment variable to load a malicious kernel module, which then executes arbitrary user-mode code as root.

Description

WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Lorenzo Cantoni · text · local · linux
https://www.exploit-db.com/exploits/28806

This exploit leverages a privilege escalation vulnerability in davfs2 (CVE-2013-4362) by manipulating the MODPROBE_OPTIONS environment variable to load a malicious kernel module, which then executes arbitrary user-mode code as root.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: davfs2 1.4.6/1.4.7
Auth required
Prerequisites: User must be in the davfs2 group · At least one of the 'fuse' or 'coda' kernel modules must not be loaded · Valid WebDAV server entry in /etc/fstab · Kernel headers, make, and gcc for module compilation
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by notclement · poc
https://github.com/notclement/Automatic-davfs2-1.4.6-1.4.7-Local-Privilege-Escalation

This repository contains scripts to automate the exploitation of CVE-2013-4362, a local privilege escalation vulnerability in davfs2 versions 1.4.6 and 1.4.7. The exploit leverages the coda kernel module to gain root privileges via a reverse shell.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: davfs2 1.4.6-1.4.7
Auth required
Prerequisites: User must be able to mount remote webdav servers · Coda kernel module not loaded · Credentials for webdav server if authentication is required
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2765
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/97417
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/97416
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201612-02
Patch mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/627
Patch x_refsource_confirm
http://savannah.nongnu.org/bugs/?40034
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/62445

Scores

EPSS 0.0117
EPSS Percentile 63.3%

Details

CWE: CWE-264
Status: published
Products (2)
werner_baumann/davfs2 1.4.6
werner_baumann/davfs2 1.4.7
Published Sep 30, 2013
Tracked Since Feb 18, 2026