Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-1586 (GCVE-0-2012-1586)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 19:01
VLAI?
EPSS
Summary
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0575",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"name": "[oss-security] 20120327 Re: CVE id request: cifs-utils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"name": "[oss-security] 20120327 CVE id request: cifs-utils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-27T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0575",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"name": "[oss-security] 20120327 Re: CVE id request: cifs-utils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"name": "[oss-security] 20120327 CVE id request: cifs-utils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1586",
"datePublished": "2012-08-27T23:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-08-06T19:01:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:cifs-utils:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2B2C208-F9BB-42E3-9F64-1D041165DD16\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.\"}, {\"lang\": \"es\", \"value\": \"mount.cifs en cifs-utils v2.6 permite a los usuarios locales determinar la existencia de ficheros o directorios arbitrarios a trav\\u00e9s de la ruta del archivo en el segundo argumento, que revela la existencia de un mensaje de error.\"}]",
"id": "CVE-2012-1586",
"lastModified": "2024-11-21T01:37:15.643",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-08-27T23:55:01.507",
"references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/27/1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/27/6\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=8821\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/27/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/27/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=8821\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-1586\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-27T23:55:01.507\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.\"},{\"lang\":\"es\",\"value\":\"mount.cifs en cifs-utils v2.6 permite a los usuarios locales determinar la existencia de ficheros o directorios arbitrarios a trav\u00e9s de la ruta del archivo en el segundo argumento, que revela la existencia de un mensaje de error.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:cifs-utils:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2B2C208-F9BB-42E3-9F64-1D041165DD16\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/27/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/27/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=8821\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/27/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/27/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=8821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2012-1586
Vulnerability from fkie_nvd - Published: 2012-08-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | cifs-utils | 2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:cifs-utils:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B2C208-F9BB-42E3-9F64-1D041165DD16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message."
},
{
"lang": "es",
"value": "mount.cifs en cifs-utils v2.6 permite a los usuarios locales determinar la existencia de ficheros o directorios arbitrarios a trav\u00e9s de la ruta del archivo en el segundo argumento, que revela la existencia de un mensaje de error."
}
],
"id": "CVE-2012-1586",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-27T23:55:01.507",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2012:0902
Vulnerability from csaf_redhat - Published: 2012-06-19 15:23 - Updated: 2025-11-21 17:40Summary
Red Hat Security Advisory: cifs-utils security, bug fix, and enhancement update
Notes
Topic
An updated cifs-utils package that fixes one security issue, multiple bugs,
and adds various enhancements is now available for Red Hat
Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The cifs-utils package contains tools for mounting and managing shares on
Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard
Linux file systems.
A file existence disclosure flaw was found in mount.cifs. If the tool was
installed with the setuid bit set, a local attacker could use this flaw to
determine the existence of files or directories in directories not
accessible to the attacker. (CVE-2012-1586)
Note: mount.cifs from the cifs-utils package distributed by Red Hat does
not have the setuid bit set. We recommend that administrators do not
manually set the setuid bit for mount.cifs.
This update also fixes the following bugs:
* The cifs.mount(8) manual page was previously missing documentation for
several mount options. With this update, the missing entries have been
added to the manual page. (BZ#769923)
* Previously, the mount.cifs utility did not properly update the
"/etc/mtab" system information file when remounting an existing CIFS
mount. Consequently, mount.cifs created a duplicate entry of the existing
mount entry. This update adds the del_mtab() function to cifs.mount, which
ensures that the old mount entry is removed from "/etc/mtab" before adding
the updated mount entry. (BZ#770004)
* The mount.cifs utility did not properly convert user and group names to
numeric UIDs and GIDs. Therefore, when the "uid", "gid" or "cruid" mount
options were specified with user or group names, CIFS shares were mounted
with default values. This caused shares to be inaccessible to the intended
users because UID and GID is set to "0" by default. With this update, user
and group names are properly converted so that CIFS shares are now mounted
with specified user and group ownership as expected. (BZ#796463)
* The cifs.upcall utility did not respect the "domain_realm" section in
the "krb5.conf" file and worked only with the default domain.
Consequently, an attempt to mount a CIFS share from a different than the
default domain failed with the following error message:
mount error(126): Required key not available
This update modifies the underlying code so that cifs.upcall handles
multiple Kerberos domains correctly and CIFS shares can now be mounted as
expected in a multi-domain environment. (BZ#805490)
In addition, this update adds the following enhancements:
* The cifs.upcall utility previously always used the "/etc/krb5.conf" file
regardless of whether the user had specified a custom Kerberos
configuration file. This update adds the "--krb5conf" option to
cifs.upcall allowing the administrator to specify an alternate
krb5.conf file. For more information on this option, refer to the
cifs.upcall(8) manual page. (BZ#748756)
* The cifs.upcall utility did not optimally determine the correct service
principal name (SPN) used for Kerberos authentication, which occasionally
caused krb5 authentication to fail when mounting a server's unqualified
domain name. This update improves cifs.upcall so that the method used to
determine the SPN is now more versatile. (BZ#748757)
* This update adds the "backupuid" and "backupgid" mount options to the
mount.cifs utility. When specified, these options grant a user or a group
the right to access files with the backup intent. For more information on
these options, refer to the mount.cifs(8) manual page. (BZ#806337)
All users of cifs-utils are advised to upgrade to this updated package,
which contains backported patches to fix these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cifs-utils package that fixes one security issue, multiple bugs,\nand adds various enhancements is now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cifs-utils package contains tools for mounting and managing shares on\nLinux using the SMB/CIFS protocol. The CIFS shares can be used as standard\nLinux file systems.\n\nA file existence disclosure flaw was found in mount.cifs. If the tool was\ninstalled with the setuid bit set, a local attacker could use this flaw to\ndetermine the existence of files or directories in directories not\naccessible to the attacker. (CVE-2012-1586)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bugs:\n\n* The cifs.mount(8) manual page was previously missing documentation for\nseveral mount options. With this update, the missing entries have been\nadded to the manual page. (BZ#769923)\n\n* Previously, the mount.cifs utility did not properly update the\n\"/etc/mtab\" system information file when remounting an existing CIFS\nmount. Consequently, mount.cifs created a duplicate entry of the existing\nmount entry. This update adds the del_mtab() function to cifs.mount, which\nensures that the old mount entry is removed from \"/etc/mtab\" before adding\nthe updated mount entry. (BZ#770004)\n\n* The mount.cifs utility did not properly convert user and group names to\nnumeric UIDs and GIDs. Therefore, when the \"uid\", \"gid\" or \"cruid\" mount\noptions were specified with user or group names, CIFS shares were mounted\nwith default values. This caused shares to be inaccessible to the intended\nusers because UID and GID is set to \"0\" by default. With this update, user\nand group names are properly converted so that CIFS shares are now mounted\nwith specified user and group ownership as expected. (BZ#796463)\n\n* The cifs.upcall utility did not respect the \"domain_realm\" section in\nthe \"krb5.conf\" file and worked only with the default domain.\nConsequently, an attempt to mount a CIFS share from a different than the\ndefault domain failed with the following error message:\n\n mount error(126): Required key not available\n\nThis update modifies the underlying code so that cifs.upcall handles\nmultiple Kerberos domains correctly and CIFS shares can now be mounted as\nexpected in a multi-domain environment. (BZ#805490)\n\nIn addition, this update adds the following enhancements:\n\n* The cifs.upcall utility previously always used the \"/etc/krb5.conf\" file\nregardless of whether the user had specified a custom Kerberos\nconfiguration file. This update adds the \"--krb5conf\" option to\ncifs.upcall allowing the administrator to specify an alternate\nkrb5.conf file. For more information on this option, refer to the\ncifs.upcall(8) manual page. (BZ#748756)\n\n* The cifs.upcall utility did not optimally determine the correct service\nprincipal name (SPN) used for Kerberos authentication, which occasionally\ncaused krb5 authentication to fail when mounting a server\u0027s unqualified\ndomain name. This update improves cifs.upcall so that the method used to\ndetermine the SPN is now more versatile. (BZ#748757)\n\n* This update adds the \"backupuid\" and \"backupgid\" mount options to the\nmount.cifs utility. When specified, these options grant a user or a group\nthe right to access files with the backup intent. For more information on\nthese options, refer to the mount.cifs(8) manual page. (BZ#806337)\n\nAll users of cifs-utils are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues and add these\nenhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0902",
"url": "https://access.redhat.com/errata/RHSA-2012:0902"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "748756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=748756"
},
{
"category": "external",
"summary": "748757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=748757"
},
{
"category": "external",
"summary": "807252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0902.json"
}
],
"title": "Red Hat Security Advisory: cifs-utils security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:40:40+00:00",
"generator": {
"date": "2025-11-21T17:40:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2012:0902",
"initial_release_date": "2012-06-19T15:23:00+00:00",
"revision_history": [
{
"date": "2012-06-19T15:23:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-06-19T15:28:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:40:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product_id": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.i686",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.i686",
"product_id": "cifs-utils-0:4.8.1-10.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.src",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.src",
"product_id": "cifs-utils-0:4.8.1-10.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product_id": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.s390x",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x",
"product_id": "cifs-utils-0:4.8.1-10.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-1586",
"discovery_date": "2012-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "807252"
}
],
"notes": [
{
"category": "description",
"text": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cifs-utils: mount.cifs file existence disclosure vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of samba/samba3x as shipped with Red Hat Enterprise Linux 5. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1586"
},
{
"category": "external",
"summary": "RHBZ#807252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1586"
}
],
"release_date": "2012-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-19T15:23:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0902"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cifs-utils: mount.cifs file existence disclosure vulnerability"
}
]
}
RHSA-2012_0902
Vulnerability from csaf_redhat - Published: 2012-06-19 15:23 - Updated: 2024-11-22 05:08Summary
Red Hat Security Advisory: cifs-utils security, bug fix, and enhancement update
Notes
Topic
An updated cifs-utils package that fixes one security issue, multiple bugs,
and adds various enhancements is now available for Red Hat
Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The cifs-utils package contains tools for mounting and managing shares on
Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard
Linux file systems.
A file existence disclosure flaw was found in mount.cifs. If the tool was
installed with the setuid bit set, a local attacker could use this flaw to
determine the existence of files or directories in directories not
accessible to the attacker. (CVE-2012-1586)
Note: mount.cifs from the cifs-utils package distributed by Red Hat does
not have the setuid bit set. We recommend that administrators do not
manually set the setuid bit for mount.cifs.
This update also fixes the following bugs:
* The cifs.mount(8) manual page was previously missing documentation for
several mount options. With this update, the missing entries have been
added to the manual page. (BZ#769923)
* Previously, the mount.cifs utility did not properly update the
"/etc/mtab" system information file when remounting an existing CIFS
mount. Consequently, mount.cifs created a duplicate entry of the existing
mount entry. This update adds the del_mtab() function to cifs.mount, which
ensures that the old mount entry is removed from "/etc/mtab" before adding
the updated mount entry. (BZ#770004)
* The mount.cifs utility did not properly convert user and group names to
numeric UIDs and GIDs. Therefore, when the "uid", "gid" or "cruid" mount
options were specified with user or group names, CIFS shares were mounted
with default values. This caused shares to be inaccessible to the intended
users because UID and GID is set to "0" by default. With this update, user
and group names are properly converted so that CIFS shares are now mounted
with specified user and group ownership as expected. (BZ#796463)
* The cifs.upcall utility did not respect the "domain_realm" section in
the "krb5.conf" file and worked only with the default domain.
Consequently, an attempt to mount a CIFS share from a different than the
default domain failed with the following error message:
mount error(126): Required key not available
This update modifies the underlying code so that cifs.upcall handles
multiple Kerberos domains correctly and CIFS shares can now be mounted as
expected in a multi-domain environment. (BZ#805490)
In addition, this update adds the following enhancements:
* The cifs.upcall utility previously always used the "/etc/krb5.conf" file
regardless of whether the user had specified a custom Kerberos
configuration file. This update adds the "--krb5conf" option to
cifs.upcall allowing the administrator to specify an alternate
krb5.conf file. For more information on this option, refer to the
cifs.upcall(8) manual page. (BZ#748756)
* The cifs.upcall utility did not optimally determine the correct service
principal name (SPN) used for Kerberos authentication, which occasionally
caused krb5 authentication to fail when mounting a server's unqualified
domain name. This update improves cifs.upcall so that the method used to
determine the SPN is now more versatile. (BZ#748757)
* This update adds the "backupuid" and "backupgid" mount options to the
mount.cifs utility. When specified, these options grant a user or a group
the right to access files with the backup intent. For more information on
these options, refer to the mount.cifs(8) manual page. (BZ#806337)
All users of cifs-utils are advised to upgrade to this updated package,
which contains backported patches to fix these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cifs-utils package that fixes one security issue, multiple bugs,\nand adds various enhancements is now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cifs-utils package contains tools for mounting and managing shares on\nLinux using the SMB/CIFS protocol. The CIFS shares can be used as standard\nLinux file systems.\n\nA file existence disclosure flaw was found in mount.cifs. If the tool was\ninstalled with the setuid bit set, a local attacker could use this flaw to\ndetermine the existence of files or directories in directories not\naccessible to the attacker. (CVE-2012-1586)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bugs:\n\n* The cifs.mount(8) manual page was previously missing documentation for\nseveral mount options. With this update, the missing entries have been\nadded to the manual page. (BZ#769923)\n\n* Previously, the mount.cifs utility did not properly update the\n\"/etc/mtab\" system information file when remounting an existing CIFS\nmount. Consequently, mount.cifs created a duplicate entry of the existing\nmount entry. This update adds the del_mtab() function to cifs.mount, which\nensures that the old mount entry is removed from \"/etc/mtab\" before adding\nthe updated mount entry. (BZ#770004)\n\n* The mount.cifs utility did not properly convert user and group names to\nnumeric UIDs and GIDs. Therefore, when the \"uid\", \"gid\" or \"cruid\" mount\noptions were specified with user or group names, CIFS shares were mounted\nwith default values. This caused shares to be inaccessible to the intended\nusers because UID and GID is set to \"0\" by default. With this update, user\nand group names are properly converted so that CIFS shares are now mounted\nwith specified user and group ownership as expected. (BZ#796463)\n\n* The cifs.upcall utility did not respect the \"domain_realm\" section in\nthe \"krb5.conf\" file and worked only with the default domain.\nConsequently, an attempt to mount a CIFS share from a different than the\ndefault domain failed with the following error message:\n\n mount error(126): Required key not available\n\nThis update modifies the underlying code so that cifs.upcall handles\nmultiple Kerberos domains correctly and CIFS shares can now be mounted as\nexpected in a multi-domain environment. (BZ#805490)\n\nIn addition, this update adds the following enhancements:\n\n* The cifs.upcall utility previously always used the \"/etc/krb5.conf\" file\nregardless of whether the user had specified a custom Kerberos\nconfiguration file. This update adds the \"--krb5conf\" option to\ncifs.upcall allowing the administrator to specify an alternate\nkrb5.conf file. For more information on this option, refer to the\ncifs.upcall(8) manual page. (BZ#748756)\n\n* The cifs.upcall utility did not optimally determine the correct service\nprincipal name (SPN) used for Kerberos authentication, which occasionally\ncaused krb5 authentication to fail when mounting a server\u0027s unqualified\ndomain name. This update improves cifs.upcall so that the method used to\ndetermine the SPN is now more versatile. (BZ#748757)\n\n* This update adds the \"backupuid\" and \"backupgid\" mount options to the\nmount.cifs utility. When specified, these options grant a user or a group\nthe right to access files with the backup intent. For more information on\nthese options, refer to the mount.cifs(8) manual page. (BZ#806337)\n\nAll users of cifs-utils are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues and add these\nenhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0902",
"url": "https://access.redhat.com/errata/RHSA-2012:0902"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "748756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=748756"
},
{
"category": "external",
"summary": "748757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=748757"
},
{
"category": "external",
"summary": "807252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0902.json"
}
],
"title": "Red Hat Security Advisory: cifs-utils security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T05:08:31+00:00",
"generator": {
"date": "2024-11-22T05:08:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:0902",
"initial_release_date": "2012-06-19T15:23:00+00:00",
"revision_history": [
{
"date": "2012-06-19T15:23:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-06-19T15:28:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T05:08:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product_id": "cifs-utils-0:4.8.1-10.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.i686",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.i686",
"product_id": "cifs-utils-0:4.8.1-10.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.src",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.src",
"product_id": "cifs-utils-0:4.8.1-10.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product_id": "cifs-utils-0:4.8.1-10.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product_id": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils-debuginfo@4.8.1-10.el6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cifs-utils-0:4.8.1-10.el6.s390x",
"product": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x",
"product_id": "cifs-utils-0:4.8.1-10.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cifs-utils@4.8.1-10.el6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.src"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.src",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
},
"product_reference": "cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-1586",
"discovery_date": "2012-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "807252"
}
],
"notes": [
{
"category": "description",
"text": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cifs-utils: mount.cifs file existence disclosure vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of samba/samba3x as shipped with Red Hat Enterprise Linux 5. This issue is not currently planned to be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1586"
},
{
"category": "external",
"summary": "RHBZ#807252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1586"
}
],
"release_date": "2012-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-06-19T15:23:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0902"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client:cifs-utils-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-0:4.8.1-10.el6.src",
"6Client:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Client:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.src",
"6ComputeNode:cifs-utils-0:4.8.1-10.el6.x86_64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6ComputeNode:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-0:4.8.1-10.el6.src",
"6Server:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Server:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-0:4.8.1-10.el6.src",
"6Workstation:cifs-utils-0:4.8.1-10.el6.x86_64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.i686",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.ppc64",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.s390x",
"6Workstation:cifs-utils-debuginfo-0:4.8.1-10.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cifs-utils: mount.cifs file existence disclosure vulnerability"
}
]
}
GHSA-PM5W-CHJ8-22CJ
Vulnerability from github – Published: 2022-05-17 05:24 – Updated: 2022-05-17 05:24
VLAI?
Details
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
{
"affected": [],
"aliases": [
"CVE-2012-1586"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-27T23:55:00Z",
"severity": "LOW"
},
"details": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"id": "GHSA-pm5w-chj8-22cj",
"modified": "2022-05-17T05:24:20Z",
"published": "2022-05-17T05:24:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1586"
},
{
"type": "WEB",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
}
],
"schema_version": "1.4.0",
"severity": []
}
OPENSUSE-SU-2024:10334-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cifs-utils-6.5-1.5 on GA media
Notes
Title of the patch
cifs-utils-6.5-1.5 on GA media
Description of the patch
These are all security issues fixed in the cifs-utils-6.5-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10334
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cifs-utils-6.5-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cifs-utils-6.5-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10334",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10334-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-1886 page",
"url": "https://www.suse.com/security/cve/CVE-2009-1886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-1888 page",
"url": "https://www.suse.com/security/cve/CVE-2009-1888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2813 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2906 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2948 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0547 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0728 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0787 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1586 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1586/"
}
],
"title": "cifs-utils-6.5-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10334-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.aarch64",
"product": {
"name": "cifs-utils-6.5-1.5.aarch64",
"product_id": "cifs-utils-6.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.aarch64",
"product": {
"name": "cifs-utils-devel-6.5-1.5.aarch64",
"product_id": "cifs-utils-devel-6.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.aarch64",
"product": {
"name": "pam_cifscreds-6.5-1.5.aarch64",
"product_id": "pam_cifscreds-6.5-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.ppc64le",
"product": {
"name": "cifs-utils-6.5-1.5.ppc64le",
"product_id": "cifs-utils-6.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.ppc64le",
"product": {
"name": "cifs-utils-devel-6.5-1.5.ppc64le",
"product_id": "cifs-utils-devel-6.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.ppc64le",
"product": {
"name": "pam_cifscreds-6.5-1.5.ppc64le",
"product_id": "pam_cifscreds-6.5-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.s390x",
"product": {
"name": "cifs-utils-6.5-1.5.s390x",
"product_id": "cifs-utils-6.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.s390x",
"product": {
"name": "cifs-utils-devel-6.5-1.5.s390x",
"product_id": "cifs-utils-devel-6.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.s390x",
"product": {
"name": "pam_cifscreds-6.5-1.5.s390x",
"product_id": "pam_cifscreds-6.5-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.x86_64",
"product": {
"name": "cifs-utils-6.5-1.5.x86_64",
"product_id": "cifs-utils-6.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.x86_64",
"product": {
"name": "cifs-utils-devel-6.5-1.5.x86_64",
"product_id": "cifs-utils-devel-6.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.x86_64",
"product": {
"name": "pam_cifscreds-6.5-1.5.x86_64",
"product_id": "pam_cifscreds-6.5-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64"
},
"product_reference": "cifs-utils-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le"
},
"product_reference": "cifs-utils-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x"
},
"product_reference": "cifs-utils-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64"
},
"product_reference": "cifs-utils-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64"
},
"product_reference": "cifs-utils-devel-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le"
},
"product_reference": "cifs-utils-devel-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x"
},
"product_reference": "cifs-utils-devel-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64"
},
"product_reference": "cifs-utils-devel-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64"
},
"product_reference": "pam_cifscreds-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le"
},
"product_reference": "pam_cifscreds-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x"
},
"product_reference": "pam_cifscreds-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
},
"product_reference": "pam_cifscreds-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-1886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-1886"
}
],
"notes": [
{
"category": "general",
"text": "Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-1886",
"url": "https://www.suse.com/security/cve/CVE-2009-1886"
},
{
"category": "external",
"summary": "SUSE Bug 513360 for CVE-2009-1886",
"url": "https://bugzilla.suse.com/513360"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-1886",
"url": "https://bugzilla.suse.com/515479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2009-1886"
},
{
"cve": "CVE-2009-1888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-1888"
}
],
"notes": [
{
"category": "general",
"text": "The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-1888",
"url": "https://www.suse.com/security/cve/CVE-2009-1888"
},
{
"category": "external",
"summary": "SUSE Bug 513360 for CVE-2009-1888",
"url": "https://bugzilla.suse.com/513360"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-1888",
"url": "https://bugzilla.suse.com/515479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-1888"
},
{
"cve": "CVE-2009-2813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2813"
}
],
"notes": [
{
"category": "general",
"text": "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2813",
"url": "https://www.suse.com/security/cve/CVE-2009-2813"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 539517 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/539517"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-2813"
},
{
"cve": "CVE-2009-2906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2906"
}
],
"notes": [
{
"category": "general",
"text": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2906",
"url": "https://www.suse.com/security/cve/CVE-2009-2906"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2906",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2906",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-2906"
},
{
"cve": "CVE-2009-2948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2948"
}
],
"notes": [
{
"category": "general",
"text": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2948",
"url": "https://www.suse.com/security/cve/CVE-2009-2948"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 542150 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/542150"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-2948"
},
{
"cve": "CVE-2010-0547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0547"
}
],
"notes": [
{
"category": "general",
"text": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0547",
"url": "https://www.suse.com/security/cve/CVE-2010-0547"
},
{
"category": "external",
"summary": "SUSE Bug 577868 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/577868"
},
{
"category": "external",
"summary": "SUSE Bug 577925 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/577925"
},
{
"category": "external",
"summary": "SUSE Bug 583535 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/583535"
},
{
"category": "external",
"summary": "SUSE Bug 583536 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/583536"
},
{
"category": "external",
"summary": "SUSE Bug 594263 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/594263"
},
{
"category": "external",
"summary": "SUSE Bug 597421 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/597421"
},
{
"category": "external",
"summary": "SUSE Bug 602694 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/602694"
},
{
"category": "external",
"summary": "SUSE Bug 709819 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/709819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-0547"
},
{
"cve": "CVE-2010-0728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0728"
}
],
"notes": [
{
"category": "general",
"text": "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0728",
"url": "https://www.suse.com/security/cve/CVE-2010-0728"
},
{
"category": "external",
"summary": "SUSE Bug 586683 for CVE-2010-0728",
"url": "https://bugzilla.suse.com/586683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2010-0728"
},
{
"cve": "CVE-2010-0787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0787"
}
],
"notes": [
{
"category": "general",
"text": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0787",
"url": "https://www.suse.com/security/cve/CVE-2010-0787"
},
{
"category": "external",
"summary": "SUSE Bug 550002 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/550002"
},
{
"category": "external",
"summary": "SUSE Bug 602694 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/602694"
},
{
"category": "external",
"summary": "SUSE Bug 620680 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/620680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-0787"
},
{
"cve": "CVE-2012-1586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1586"
}
],
"notes": [
{
"category": "general",
"text": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1586",
"url": "https://www.suse.com/security/cve/CVE-2012-1586"
},
{
"category": "external",
"summary": "SUSE Bug 754443 for CVE-2012-1586",
"url": "https://bugzilla.suse.com/754443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-1586"
}
]
}
GSD-2012-1586
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-1586",
"description": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"id": "GSD-2012-1586",
"references": [
"https://www.suse.com/security/cve/CVE-2012-1586.html",
"https://access.redhat.com/errata/RHSA-2012:0902",
"https://linux.oracle.com/cve/CVE-2012-1586.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-1586"
],
"details": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"id": "GSD-2012-1586",
"modified": "2023-12-13T01:20:17.938860Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/27/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/03/27/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=8821",
"refsource": "MISC",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:debian:cifs-utils:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1586"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923",
"refsource": "MISC",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923"
},
{
"name": "[oss-security] 20120327 Re: CVE id request: cifs-utils",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/6"
},
{
"name": "SUSE-SU-2012:0575",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=8821",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8821"
},
{
"name": "[oss-security] 20120327 CVE id request: cifs-utils",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/1"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2012-08-28T04:00Z",
"publishedDate": "2012-08-27T23:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…