Cifs Utils
CVE-2022-29869
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
AnalysisAI
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-532. cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Affected products include: Samba Cifs-Utils, Fedoraproject Fedora, Debian Debian Linux. Version information: through 6.14.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cifs Utils
View allIt was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remot
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could le
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the fil
A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today