1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
26.6%
The mount.cifs program allows a user to pass in the name of
a credentials file or a file containing a password via several
different means. When installed as a setuid program, it does
not check to see whether the user would have had access to
this file prior to gaining root privileges.
Also, when run with the --verbose or -v options, it would
print the value of the password being handed off to the
kernel.
Patches addressing both these issues have been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
Clear the setuid bit from mount.cifs. For instance:
# chmod u-s /sbin/mount.cifs
…note that this will prevent unprivileged users from
mounting CIFS shares however.
Originally reported by Ronald Volgers.
Patches provided by Jeff Layton of the Samba team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team