Skip to main content

Cifs Utils

6 CVEs product

Monthly

CVE-2022-29869 MEDIUM PATCH This Month

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cifs Utils Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2022-27239 HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils Debian Linux Caas Platform +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-20208 MEDIUM PATCH This Month

A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).

Information Disclosure Cifs Utils Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-14342 HIGH POC PATCH This Week

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Cifs Utils Fedora Leap
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2014-2830 CRITICAL Act Now

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cifs Utils
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2012-1586 LOW POC Monitor

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cifs Utils
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.6%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cifs Utils Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils +18
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).

Information Disclosure Cifs Utils Enterprise Linux +1
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Cifs Utils Fedora +1
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cifs Utils
NVD
EPSS 1% CVSS 2.1
LOW POC Monitor

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cifs Utils
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy