ID CVE-2012-1586
Summary mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:debian:cifs-utils:2.6
    cpe:2.3:a:debian:cifs-utils:2.6
CVSS
Base: 2.1 (as of 28-08-2012 - 12:11)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description mount.cifs chdir() Arbitrary Root File Identification. CVE-2012-1586. Local exploit for linux platform
id EDB-ID:18783
last seen 2016-02-02
modified 2012-04-25
published 2012-04-25
reporter Sha0
source https://www.exploit-db.com/download/18783/
title mount.cifs chdir Arbitrary Root File Identification
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0902.NASL
    description From Red Hat Security Advisory 2012:0902 : An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586) Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. This update also fixes the following bugs : * The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. (BZ#769923) * Previously, the mount.cifs utility did not properly update the '/etc/mtab' system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from '/etc/mtab' before adding the updated mount entry. (BZ#770004) * The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the 'uid', 'gid' or 'cruid' mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to '0' by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. (BZ#796463) * The cifs.upcall utility did not respect the 'domain_realm' section in the 'krb5.conf' file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message : mount error(126): Required key not available This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. (BZ#805490) In addition, this update adds the following enhancements : * The cifs.upcall utility previously always used the '/etc/krb5.conf' file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the '--krb5conf' option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. (BZ#748756) * The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. (BZ#748757) * This update adds the 'backupuid' and 'backupgid' mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. (BZ#806337) All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68560
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68560
    title Oracle Linux 6 : cifs-utils (ELSA-2012-0902)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CIFS-MOUNT-8449.NASL
    description The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery (CVE-2013-0214) and a click-jacking attack (CVE-2013-0213). This has been fixed. Additionally a bug in mount.cifs has been fixed which could have lead to file disclosure. (CVE-2012-1586) Also a uninitialized memory read bug in talloc_free() has been fixed. . (bnc#764577)
    last seen 2019-02-21
    modified 2013-08-17
    plugin id 64865
    published 2013-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64865
    title SuSE 10 Security Update : Samba (ZYPP Patch Number 8449)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CIFS-MOUNT-120424.NASL
    description This update of Samba includes the following fixes for two security issues : - Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111) - mount.cifs no longer allows unprivileged users to mount onto dirs that are not accessible to them. (CVE-2012-1586)
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 58941
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58941
    title SuSE 11.1 Security Update : Samba (SAT Patch Number 6210)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CIFS-UTILS-120423.NASL
    description The following issue has been fixed : - Don't allow unprivileged users to mount onto dirs to which they can't chdir. (CVE-2012-1586)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58942
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58942
    title SuSE 11.2 Security Update : cifs-utils (SAT Patch Number 6196)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0902.NASL
    description An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586) Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. This update also fixes the following bugs : * The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. (BZ#769923) * Previously, the mount.cifs utility did not properly update the '/etc/mtab' system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from '/etc/mtab' before adding the updated mount entry. (BZ#770004) * The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the 'uid', 'gid' or 'cruid' mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to '0' by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. (BZ#796463) * The cifs.upcall utility did not respect the 'domain_realm' section in the 'krb5.conf' file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message : mount error(126): Required key not available This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. (BZ#805490) In addition, this update adds the following enhancements : * The cifs.upcall utility previously always used the '/etc/krb5.conf' file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the '--krb5conf' option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. (BZ#748756) * The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. (BZ#748757) * This update adds the 'backupuid' and 'backupgid' mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. (BZ#806337) All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 59596
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59596
    title RHEL 6 : cifs-utils (RHSA-2012:0902)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-070.NASL
    description A vulnerability has been found and corrected in samba : A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run (CVE-2012-1586). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 59012
    published 2012-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59012
    title Mandriva Linux Security Advisory : samba (MDVSA-2012:070)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0902.NASL
    description An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586) Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. This update also fixes the following bugs : * The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. (BZ#769923) * Previously, the mount.cifs utility did not properly update the '/etc/mtab' system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from '/etc/mtab' before adding the updated mount entry. (BZ#770004) * The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the 'uid', 'gid' or 'cruid' mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to '0' by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. (BZ#796463) * The cifs.upcall utility did not respect the 'domain_realm' section in the 'krb5.conf' file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message : mount error(126): Required key not available This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. (BZ#805490) In addition, this update adds the following enhancements : * The cifs.upcall utility previously always used the '/etc/krb5.conf' file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the '--krb5conf' option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. (BZ#748756) * The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. (BZ#748757) * This update adds the 'backupuid' and 'backupgid' mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. (BZ#806337) All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 59931
    published 2012-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59931
    title CentOS 6 : cifs-utils (CESA-2012:0902)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-0325-1.NASL
    description The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery (CVE-2013-0214) and a click-jacking attack (CVE-2013-0213). This has been fixed. Additionally a bug in mount.cifs has been fixed which could have lead to file disclosure (CVE-2012-1586). Also a uninitialized memory read bug in talloc_free() has been fixed. (bnc#764577). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 83575
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83575
    title SUSE SLED10 / SLES10 Security Update : Samba (SUSE-SU-2013:0325-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-069.NASL
    description A vulnerability has been found and corrected in cifs-utils : A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run (CVE-2012-1586). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 59011
    published 2012-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59011
    title Mandriva Linux Security Advisory : cifs-utils (MDVSA-2012:069)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6375.NASL
    description This updates the cifs-utils package to version 5.4, which contains a number of bugfixes and enhancements. Highlights include : - mount.cifs now supports the -s option by passing 'sloppy' to the kernel in the options string - cifs.upcall now properly respects the domain_realm section in krb5.conf - unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 58930
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58930
    title Fedora 16 : cifs-utils-5.4-1.fc16 (2012-6375)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120620_CIFS_UTILS_ON_SL6_X.NASL
    description The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586) Note: mount.cifs from the cifs-utils package distributed by Scientific Linux does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. This update also fixes the following bugs : - The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. - Previously, the mount.cifs utility did not properly update the '/etc/mtab' system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from '/etc/mtab' before adding the updated mount entry. - The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the 'uid', 'gid' or 'cruid' mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to '0' by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. - The cifs.upcall utility did not respect the 'domain_realm' section in the 'krb5.conf' file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message : mount error(126): Required key not available This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. In addition, this update adds the following enhancements : - The cifs.upcall utility previously always used the '/etc/krb5.conf' file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the '--krb5conf' option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. - The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. - This update adds the 'backupuid' and 'backupgid' mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61338
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61338
    title Scientific Linux Security Update : cifs-utils on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6257.NASL
    description This updates the cifs-utils package to version 5.4, which contains a number of bugfixes and enhancements. Highlights include : - mount.cifs now supports the -s option by passing 'sloppy' to the kernel in the options string - cifs.upcall now properly respects the domain_realm section in krb5.conf - unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 58958
    published 2012-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58958
    title Fedora 17 : cifs-utils-5.4-1.fc17 (2012-6257)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6398.NASL
    description This updates the cifs-utils package to version 5.4, which contains a number of bugfixes and enhancements. Highlights include : - mount.cifs now supports the -s option by passing 'sloppy' to the kernel in the options string - cifs.upcall now properly respects the domain_realm section in krb5.conf - unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586) - the cifscreds, getcifsacl and setcifsacl programs have been added to the package Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 58932
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58932
    title Fedora 15 : cifs-utils-5.4-1.fc15 (2012-6398)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-268.NASL
    description mount.cifs could leak information about existence of files normally not accessible to users
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74619
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74619
    title openSUSE Security Update : cifs-utils (openSUSE-SU-2012:0607-1)
redhat via4
advisories
bugzilla
id 807252
title CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability
oval
AND
  • comment cifs-utils is earlier than 0:4.8.1-10.el6
    oval oval:com.redhat.rhsa:tst:20120902005
  • comment cifs-utils is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20111221006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2012:0902
released 2012-06-20
severity Low
title RHSA-2012:0902: cifs-utils security, bug fix, and enhancement update (Low)
rpms cifs-utils-0:4.8.1-10.el6
refmap via4
confirm https://bugzilla.samba.org/show_bug.cgi?id=8821
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923
mlist
  • [oss-security] 20120327 CVE id request: cifs-utils
  • [oss-security] 20120327 Re: CVE id request: cifs-utils
suse SUSE-SU-2012:0575
Last major update 28-08-2012 - 00:00
Published 27-08-2012 - 19:55
Back to Top