rpm package

opensuse/cifs-utils&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-27239	—	< 6.15-1.1	6.15-1.1	Apr 27, 2022	In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2021-20208	—	< 6.13-1.3	6.13-1.3	Apr 19, 2021	A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2020-14342	—	< 6.13-1.3	6.13-1.3	Sep 9, 2020	It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privile
CVE-2012-1586	—	< 6.5-1.5	6.5-1.5	Aug 27, 2012	mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
CVE-2010-0728	—	< 6.5-1.5	6.5-1.5	Mar 10, 2010	smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
CVE-2010-0787	—	< 6.5-1.5	6.5-1.5	Mar 2, 2010	client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
CVE-2010-0547	—	< 6.5-1.5	6.5-1.5	Feb 4, 2010	client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
CVE-2009-2948	—	< 6.5-1.5	6.5-1.5	Oct 7, 2009	mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the
CVE-2009-2906	—	< 6.5-1.5	6.5-1.5	Oct 7, 2009	smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
CVE-2009-2813	—	< 6.5-1.5	6.5-1.5	Sep 14, 2009	Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, whic
CVE-2009-1888	—	< 6.5-1.5	6.5-1.5	Jun 25, 2009	The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to u
CVE-2009-1886	—	< 6.5-1.5	6.5-1.5	Jun 25, 2009	Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CVE-2009-0022	—	< 6.13-1.3	6.13-1.3	Jan 5, 2009	Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
CVE-2008-4314	—	< 6.13-1.3	6.13-1.3	Dec 1, 2008	smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
CVE-2008-3789	—	< 6.13-1.3	6.13-1.3	Aug 27, 2008	Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
CVE-2008-1105	—	< 6.13-1.3	6.13-1.3	May 29, 2008	Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
CVE-2007-6015	—	< 6.13-1.3	6.13-1.3	Dec 13, 2007	Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset usernam
CVE-2007-5398	—	< 6.13-1.3	6.13-1.3	Nov 16, 2007	Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Q
CVE-2007-4572	—	< 6.13-1.3	6.13-1.3	Nov 16, 2007	Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
CVE-2007-4138	—	< 6.13-1.3	6.13-1.3	Sep 14, 2007	The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attri

CVE-2022-27239Apr 27, 2022
affected < 6.15-1.1fixed 6.15-1.1
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2021-20208Apr 19, 2021
affected < 6.13-1.3fixed 6.13-1.3
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2020-14342Sep 9, 2020
affected < 6.13-1.3fixed 6.13-1.3
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privile
CVE-2012-1586Aug 27, 2012
affected < 6.5-1.5fixed 6.5-1.5
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
CVE-2010-0728Mar 10, 2010
affected < 6.5-1.5fixed 6.5-1.5
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
CVE-2010-0787Mar 2, 2010
affected < 6.5-1.5fixed 6.5-1.5
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
CVE-2010-0547Feb 4, 2010
affected < 6.5-1.5fixed 6.5-1.5
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
CVE-2009-2948Oct 7, 2009
affected < 6.5-1.5fixed 6.5-1.5
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the
CVE-2009-2906Oct 7, 2009
affected < 6.5-1.5fixed 6.5-1.5
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
CVE-2009-2813Sep 14, 2009
affected < 6.5-1.5fixed 6.5-1.5
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, whic
CVE-2009-1888Jun 25, 2009
affected < 6.5-1.5fixed 6.5-1.5
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to u
CVE-2009-1886Jun 25, 2009
affected < 6.5-1.5fixed 6.5-1.5
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CVE-2009-0022Jan 5, 2009
affected < 6.13-1.3fixed 6.13-1.3
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
CVE-2008-4314Dec 1, 2008
affected < 6.13-1.3fixed 6.13-1.3
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
CVE-2008-3789Aug 27, 2008
affected < 6.13-1.3fixed 6.13-1.3
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
CVE-2008-1105May 29, 2008
affected < 6.13-1.3fixed 6.13-1.3
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
CVE-2007-6015Dec 13, 2007
affected < 6.13-1.3fixed 6.13-1.3
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset usernam
CVE-2007-5398Nov 16, 2007
affected < 6.13-1.3fixed 6.13-1.3
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Q
CVE-2007-4572Nov 16, 2007
affected < 6.13-1.3fixed 6.13-1.3
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
CVE-2007-4138Sep 14, 2007
affected < 6.13-1.3fixed 6.13-1.3
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attri

Page 1 of 2