Bug 1860884 (CVE-2020-14342) - CVE-2020-14342 cifs-utils: shell command injection in mount.cifs
Summary: CVE-2020-14342 cifs-utils: shell command injection in mount.cifs
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-14342
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1866238 1866239 1876400
Blocks: 1860093
TreeView+ depends on / blocked
 
Reported: 2020-07-27 10:34 UTC by msiddiqu
Modified: 2021-10-29 06:53 UTC (History)
8 users (show)

Fixed In Version: cifs-utils 6.11
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in cifs-utils' mount.cifs where it was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. This flaw allows an attacker who can invoke mount.cifs with special permission, such as via sudo rules, to escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-10-29 06:53:38 UTC


Attachments (Terms of Use)

Description msiddiqu 2020-07-27 10:34:55 UTC
A user controlling the username mount option can embed shell commands that will be run in the context of the calling user.

Comment 3 Cedric Buissart 2020-09-07 06:43:21 UTC
Statement:

In order to exploit this flaw, the attacker would need to be able to inject a specially crafted username into the command run by root. This requires a specific setup (e.g.: sudo rules, etc.).
As a result, the vulnerability is considered as low severity.

Comment 5 Cedric Buissart 2020-09-07 07:09:22 UTC
Acknowledgments:

Name: Aurélien Aptel (SUSE Labs Samba Team)
Upstream: Vadim Lebedev

Comment 6 Cedric Buissart 2020-09-07 07:09:42 UTC
Created cifs-utils tracking bugs for this issue:

Affects: fedora-all [bug 1876400]

Comment 8 Michael Kaplan 2020-09-08 11:52:21 UTC
External References:

https://lists.samba.org/archive/samba-technical/2020-September/135747.html


Note You need to log in before you can comment on or make changes to this bug.