Bug 1860884 (CVE-2020-14342)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2020-14342 cifs-utils: shell command injection in mount.cifs | | |
| Product | [Other] Security Response | Reporter | msiddiqu |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX | QA Contact | |
| Severity | low | Docs Contact | |
| Priority | low | | |
| Version | unspecified | CC | cbuissar, jlayton, lsahlber, mkaplan, ronniesahlberg, security-response-team, sprabhu, ssorce |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | cifs-utils 6.11 | Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in cifs-utils' mount.cifs where it was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. This flaw allows an attacker who can invoke mount.cifs with special permission, such as via sudo rules, to escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2021-10-29 06:53:38 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1866238, 1866239, 1876400 | | |
| Bug Blocks | 1860093 | | |
Description

msiddiqu, 2020-07-27 10:34:55 UTC

Statement: In order to exploit this flaw, the attacker would need to be able to inject a specially crafted username into the command run by root. This requires a specific setup (e.g. sudo rules, etc.). As a result, the vulnerability is considered low severity.

Upstream fix: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a

Acknowledgments: Name: Aurélien Aptel (SUSE Labs Samba Team); Upstream: Vadim Lebedev

Created cifs-utils tracking bugs for this issue: Affects: fedora-all [bug 1876400]

External References: https://lists.samba.org/archive/samba-technical/2020-September/135747.html
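The Doc Text above describes the flaw's shape: a setuid-style helper built a shell command string around user-controlled input (here, the username) when it needed to request the Samba password, so metacharacters in that input were parsed by /bin/sh. The C program below is an added illustration written for this page, not cifs-utils' code and not the upstream fix; it shows the mitigation pattern of exec'ing the helper directly with the username as one argv element and checks that shell metacharacters arrive untouched. The helper path (/bin/echo standing in for the real password-requesting program), the function names and the sample usernames are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/*
 * Hypothetical helper path (assumption, not from the page). /bin/echo stands
 * in for "the program asked for the password": it prints back whatever single
 * argument it received, so the demonstration runs offline.
 */
#define HELPER_PATH "/bin/echo"

/*
 * Unsafe pattern, shown only as a comment. This is the shape of bug the page
 * describes, not cifs-utils' actual code: the username is interpolated into a
 * command string that /bin/sh then parses, so ';', '$(...)', '`' and similar
 * characters inside it are interpreted as shell syntax.
 *
 *   snprintf(cmd, sizeof cmd, "helper %s", username);
 *   system(cmd);
 */

/* Run HELPER_PATH with the username as exactly one argv element, with no
 * shell involved, and capture its stdout into buf. Returns the number of
 * bytes captured, or -1 on error or non-zero helper exit. */
ssize_t run_helper_no_shell(const char *username, char *buf, size_t buflen)
{
    int fds[2];
    if (buflen == 0 || pipe(fds) == -1)
        return -1;

    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: route stdout into the pipe, then exec the helper directly */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(127);
        close(fds[1]);
        char *const argv[] = { HELPER_PATH, (char *)username, NULL };
        execv(HELPER_PATH, argv);   /* argv is passed as-is; nothing re-parses it */
        _exit(127);
    }

    /* parent: read whatever the helper printed */
    close(fds[1]);
    size_t total = 0;
    ssize_t n;
    while (total < buflen - 1 &&
           (n = read(fds[0], buf + total, buflen - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(fds[0]);

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    return (ssize_t)total;
}

/* Returns 1 if the helper received the username verbatim, i.e. any shell
 * metacharacters in it were never interpreted, and 0 otherwise. */
int username_passed_literally(const char *username)
{
    char out[512];
    ssize_t n = run_helper_no_shell(username, out, sizeof out);
    if (n <= 0)
        return 0;
    if (out[n - 1] == '\n')        /* echo appends a newline; strip it */
        out[n - 1] = '\0';
    return strcmp(out, username) == 0;
}

int main(void)
{
    /* constructed sample: a username carrying shell syntax */
    const char *crafted = "alice; echo injected";
    printf("helper saw username literally: %d\n",
           username_passed_literally(crafted));
    return 0;
}
```

The property worth checking is that the helper sees one argument equal to the original string, whatever characters it contains; with `system()` or `popen()` the same string would have been split and partially executed by the shell. Two caveats a reviewer would still raise: the helper's own option parsing is a separate concern (a username beginning with `-` would be read by echo as an option, which is why real helpers take such values via `--` or a dedicated flag where supported), and the environment inherited by the child should also be sanitised when the parent runs with elevated privilege.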