40 matches found
RLSA-2026:32990 Important: cifs-utils security update
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a...
RHSA-2026:32990 Red Hat Security Advisory: cifs-utils security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2026-12505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...
Astra Linux – Vulnerability in cifs-utils
cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
UBUNTU-CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
PT-2026-50619
Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...
Exploit for CVE-2026-46243
cifswitch-check A shell script to check whether a Linux syste...
Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...
Astra Linux – Vulnerability in cifs-utils
In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...
CLSA-2026-1778015406 cifs-utils: Fix of CVE-2022-29869
CVE-2022-29869: avoid leaking sensitive credential file content via verbose stderr in mount.cifs option parsing...
Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1597 advisory. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Thi...
MiracleLinux 4 : cifs-utils-4.8.1-10.AXS4 (AXSA:2012-595:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-595:02 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on...
USN-7688-1 cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. CVE-2020-14342 It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file...
Security update for cifs-utils
This update for cifs-utils fixes the following issues: CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials bsc1239680 Patch Instructions: To install this SUSE update use the SUSE recommended installation...
UBUNTU-CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
cifs-utils bug fix and enhancement update
An update is available for cifs-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9...
Important: cifs-utils
Issue Overview: A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be...
SUSE CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...