Published: 27/08/2012 Updated: 28/08/2012

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian cifs-utils 2.6

Synopsis Low: cifs-utils security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An updated cifs-utils package that fixes one security issue, multiple bugs,and adds various enhancements is now available for Red HatEnterprise Linux 6The Red Hat Security Response Team has rated t ...

Debian Bug report logs - #665923 file enumeration vulnerability via mountcifs due to early use of chdir() and error message Package: cifs-utils; Maintainer for cifs-utils is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Source for cifs-utils is src:cifs-utils (PTS, buildd, popcon) Reported by: Nico Gol ...

########## Blueliv Advisory 2012-004 ########## - Discovered by: Jesus Olmos Gonzalez at Blueliv - Risk: 5/5 - Impact: 1/5 ############################################### 1 VULNERABILITY ------------------------- linux privileged and arbitrary chdir(), this leads to an arbitary file identification as root 2 BACKGROUND ------------------------- ...

CWE-200 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923 http://www.openwall.com/lists/oss-security/2012/03/27/6 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html https://bugzilla.samba.org/show_bug.cgi?id=8821 http://www.openwall.com/lists/oss-security/2012/03/27/1 https://access.redhat.com/errata/RHSA-2012:0902 https://nvd.nist.gov https://www.exploit-db.com/exploits/18783/

CVE-2012-1586

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect