4 matches found
CVE-2021-20208
CVE-2021-20208 affects the cifs-utils package prior to 6.13. When mounting a Kerberos-authenticated CIFS file system from inside a container, a user can reuse the host’s Kerberos credentials, risking data confidentiality and integrity. Affected: cifs-utils (versions
CVE-2020-14342
CVE-2020-14342 affects cifs-utils’ mount.cifs, which can invoke a shell when requesting the Samba password. This enables local attackers with sufficient permissions (for example via sudo rule configurations) to inject commands and escalate privileges. Public advisories confirm a shell-injection f...
CVE-2022-27239
CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...
CVE-2022-29869
CVE-2022-29869 affects the cifs-utils package. The issue is an information leak that occurs when verbose logging dumps lines containing = signs from a credentials file that is not a valid credentials file, potentially exposing sensitive data. Affected versions include cifs-utils up to 6.14; sever...