Information disclosure by setuid mount.cifs

Description

The mount.cifs program allows a user to pass in the name of
a credentials file or a file containing a password via several
different means. When installed as a setuid program, it does
not check to see whether the user would have had access to
this file prior to gaining root privileges.

Also, when run with the --verbose or -v options, it would
print the value of the password being handed off to the
kernel.

Patch Availability

Patches addressing both these issues have been posted to:

http://www.samba.org/samba/security/

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

Workaround

Clear the setuid bit from mount.cifs. For instance:

# chmod u-s /sbin/mount.cifs

…note that this will prevent unprivileged users from
mounting CIFS shares however.

Credits

Originally reported by Ronald Volgers.

Patches provided by Jeff Layton of the Samba team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team