Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
samba cifs-utils vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-29869
cifs-utils up to and including 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Samba Cifs-utils
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.2
CVSSv2
CVE-2022-27239
In cifs-utils up to and including 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Samba Cifs-utils
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise Server 11
Suse Openstack Cloud 8.0
Suse Linux Enterprise Server 15
Suse Linux Enterprise Software Development Kit 12
Suse Openstack Cloud Crowbar 8.0
Suse Openstack Cloud Crowbar 9.0
Suse Openstack Cloud 9.0
Suse Linux Enterprise Server 12
Suse Manager Server 4.1
Suse Linux Enterprise Desktop 15
Suse Enterprise Storage 7.0
Suse Caas Platform 4.0
Suse Enterprise Storage 6.0
Suse Manager Proxy 4.1
Suse Linux Enterprise High Performance Computing 12.0
Suse Linux Enterprise High Performance Computing 15.0
Suse Linux Enterprise Real Time 15.0
Suse Linux Enterprise Point Of Service 11.0
4.9
CVSSv2
CVE-2021-20208
A flaw was found in cifs-utils in versions prior to 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Samba Cifs-utils
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.4
CVSSv2
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their pr...
Samba Cifs-utils
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
1.2
CVSSv2
CVE-2011-2724
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and previous versions does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab c...
Samba Samba 3.0.19
Samba Samba 3.0.23
Samba Samba 3.0.14a
Samba Samba 2.2.1a
Samba Samba 3.0.27
Samba Samba 3.0.31
Samba Samba 3.0.3
Samba Samba 2.0.10
Samba Samba 2.2.12
Samba Samba 3.0.8
Samba Samba 3.2.15
Samba Samba 3.3.3
Samba Samba 2.2.3
Samba Samba 3.5.1
Samba Samba 3.0.29
Samba Samba 3.0.25
Samba Samba 2.0.1
Samba Samba 3.0.25b
Samba Samba 3.2.5
Samba Samba 3.4.2
Samba Samba 2.2.3a
Samba Samba 3.5.9
3.3
CVSSv2
CVE-2011-1678
smbfs in Samba 3.5.8 and previous versions attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the ...
Samba Samba
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started