[Pkg-samba-maint] Bug#665923: file enumeration vulnerability via mount.cifs due to early use of chdir() and error message
Nico Golde
nion at debian.org
Tue Mar 27 02:43:41 UTC 2012
Package: samba
Severity: grave
Tags: security

Hi,
it was discovered that mount.cifs is doing a chdir to the specified directory
before the fstab file is actually checked. Since mount.cifs is (also on
Debian) installed as setuid, this allows an attacker to use the program to
enumerate the existence of files/directories on the system by checking for the
existence of the error response.

I don't have time to write a patch now or to test that, but a quick look at
mount.cifs.c suggests that this can be fixed just by changing the order of the
execution.

Reference https://bugzilla.samba.org/show_bug.cgi?id=8821

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
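
Added example, not part of the original mail and not code from mount.cifs: a minimal C sketch of why the order of the two steps matters in a setuid helper, comparing chdir-before-check with check-before-chdir. The allow-list `user_mountpoints`, the function names and the probe paths are constructed stand-ins for the real fstab check and real mountpoints.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for the fstab check: the only mountpoint an
 * unprivileged user may mount (hypothetical value). */
static const char *const user_mountpoints[] = { "/mnt/share", NULL };

static int user_may_mount(const char *dir)
{
    for (size_t i = 0; user_mountpoints[i] != NULL; i++)
        if (strcmp(dir, user_mountpoints[i]) == 0)
            return 1;
    return 0;
}

/* Order described in the report: chdir() runs before authorization.
 * In a setuid binary this call uses the elevated privileges, so its
 * errno tells the caller whether a path they cannot read exists. */
static int chdir_then_check(const char *dir)
{
    if (chdir(dir) != 0)
        return errno;          /* ENOENT, ENOTDIR, ... reaches the user */
    if (!user_may_mount(dir))
        return EPERM;
    return 0;
}

/* Reordered: authorization first. A refused request never touches the
 * path, so every refusal produces the same result. */
static int check_then_chdir(const char *dir)
{
    if (!user_may_mount(dir))
        return EPERM;
    if (chdir(dir) != 0)
        return errno;
    return 0;
}

int main(void)
{
    /* Constructed probes: one path that exists, one that does not. */
    const char *probes[] = { "/", "/constructed-no-such-dir" };
    for (int i = 0; i < 2; i++)
        printf("%-26s chdir-first=%d check-first=%d\n", probes[i],
               chdir_then_check(probes[i]), check_then_chdir(probes[i]));
    return 0;
}
```

With the check first, both probes are refused with the same code, so the response no longer depends on whether the path exists.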