Bug 2081221 (CVE-2022-29869) - CVE-2022-29869 cifs-utils: crafted input may cause an information leak
Summary: CVE-2022-29869 cifs-utils: crafted input may cause an information leak
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2022-29869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2082334 2082335
Blocks: 2081222
Reported: 2022-05-03 06:21 UTC by Marian Rehak
Modified: 2022-09-28 14:03 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.
Clone Of:
Environment:
Last Closed: 2022-09-28 14:03:49 UTC
Embargoed:



Description Marian Rehak 2022-05-03 06:21:27 UTC
With verbose logging, cifs-utils can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Reference:

https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
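The logging pattern behind this class of leak, as an added example that is not code from cifs-utils or from this report: a simplified key=value parser whose verbose diagnostic either echoes the rejected line (leaky) or reports only its line number (hardened). The key list, function names, message text and sample file are all assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

/* Keys this sketch accepts (assumed; not the cifs-utils list). */
static const char *const KEYS[] = { "username", "password", "domain" };

/* Constructed sample: a sensitive file that is not a credentials file. */
static const char SAMPLE[] = "username=alice\n"
    "api_token=EXAMPLE-NOT-A-REAL-SECRET\n"
    "# comment\n"
    "db_pass=EXAMPLE-ALSO-FAKE\n";

static int known_key(const char *line, size_t klen)
{
    for (size_t i = 0; i < sizeof(KEYS) / sizeof(KEYS[0]); i++)
        if (strlen(KEYS[i]) == klen && strncmp(line, KEYS[i], klen) == 0)
            return 1;
    return 0;
}

/* Append one verbose diagnostic per rejected line ('=' present, key unknown)
 * to log. echo_line=1 models the leak, 0 the hardened form; returns the count. */
static int scan_creds(const char *file, int echo_line, char *log, size_t cap)
{
    int rejected = 0;
    size_t used = 0;
    if (cap == 0) return 0;
    log[0] = '\0';
    for (int lineno = 1; *file; lineno++) {
        size_t len = strcspn(file, "\n");
        const char *eq = memchr(file, '=', len);
        if (eq && !known_key(file, (size_t)(eq - file))) {
            size_t room = cap - used;
            int n = echo_line
                ? snprintf(log + used, room, "line %d: bad credential: %.*s\n", lineno, (int)len, file)
                : snprintf(log + used, room, "line %d: bad credential\n", lineno);
            if (n > 0) used += (size_t)n < room ? (size_t)n : room - 1;
            rejected++;
        }
        file += len + (file[len] == '\n');  /* skip the newline if present */
    }
    return rejected;
}

int main(void)
{
    char log[256];
    scan_creds(SAMPLE, 0, log, sizeof log);  /* hardened: no file content */
    return fputs(log, stderr) < 0;
}
```

The hardened diagnostic still tells an administrator which line to fix, while a caller who points the tool at a file they cannot otherwise read learns nothing about its contents from stderr.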

