2081221 – (CVE-2022-29869) CVE-2022-29869 cifs-utils: crafted input may cause an information leak

Bug 2081221 (CVE-2022-29869) - CVE-2022-29869 cifs-utils: crafted input may cause an information leak

Summary: CVE-2022-29869 cifs-utils: crafted input may cause an information leak

Keywords:
Status:	NEW
Alias:	CVE-2022-29869
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2082334 2082335
Blocks:	2081222
TreeView+	depends on / blocked

Reported:	2022-05-03 06:21 UTC by Marian Rehak
Modified:	2022-05-10 12:21 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Marian Rehak 2022-05-03 06:21:27 UTC

With verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Reference:

https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379

Note You need to log in before you can comment on or make changes to this bug.