CVE-2022-27239

Published: 27/04/2022 Updated: 24/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In cifs-utils up to and including 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Vulnerable Product

samba cifs-utils

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

suse linux enterprise server 11

suse openstack cloud 8.0

suse linux enterprise server 15

suse linux enterprise software development kit 12

suse openstack cloud crowbar 8.0

suse openstack cloud crowbar 9.0

suse openstack cloud 9.0

suse linux enterprise server 12

suse manager server 4.1

suse linux enterprise desktop 15

suse enterprise storage 7.0

suse caas platform 4.0

suse enterprise storage 6.0

suse manager proxy 4.1

suse linux enterprise high performance computing 12.0

suse linux enterprise high performance computing 15.0

suse linux enterprise real time 15.0

suse linux enterprise point of service 11.0

suse linux enterprise micro 5.2

suse manager retail branch server 4.2

suse manager retail branch server 4.1

suse manager retail branch server 4.3

suse manager server 4.2

suse manager server 4.3

suse manager proxy 4.2

suse manager proxy 4.3

suse linux enterprise storage 7.1

hp helion openstack 8.0

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian Bug report logs - #1010818 cifs-utils: CVE-2022-27239 CVE-2022-29869 Package: src:cifs-utils; Maintainer for src:cifs-utils is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 10 May 2022 19:33:02 UTC Severity: grave Tags: patc ...
Several security issues were fixed in cifs-utils ...
Jeffrey Bencteux reported two vulnerabilities in cifs-utils, the Common Internet File System utilities, which can result in escalation of privileges (CVE-2022-27239) or an information leak (CVE-2022-29869). For the oldstable distribution (buster), these problems have been fixed in version 2:6.8-2+deb10u1. For the stable distribution (bullseye), the ...
A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges (CVE-2022-27239) ...
A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges (CVE-2022-27239). A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particu ...
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges ...