Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10833

HistoryJan 15, 2019 - 8:52 a.m.

Information Disclosure

2019-01-1508:52:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

The cifs-utils package is vulnerable to information disclosure. The vulnerability exists due to the way it handles the second argument in mount.cifs which allows a local user to disclose the arbitrary file or directory information via an error massage.

CPENameOperatorVersion
cifs-utilseq4.8.1__2.el6
cifs-utilseq4.4__5.el6
cifs-utilseq4.4__5.el6_0.2
cifs-utilseq4.8.1__2.el6_1.2
cifs-utilseq4.8.1__5.el6

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923

lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html

www.openwall.com/lists/oss-security/2012/03/27/1

www.openwall.com/lists/oss-security/2012/03/27/6

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=748756

bugzilla.redhat.com/show_bug.cgi?id=748757

bugzilla.samba.org/show_bug.cgi?id=8821

rhn.redhat.com/errata/RHSA-2012-0902.html

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

Related for VERACODE:10833

redhat1 openvas20 ubuntucve1 centos1 nessus14 prion1 fedora3 securityvulns2 oraclelinux1 cve1 debiancve1 suse2