[Pkg-samba-maint] Bug#665923: Bug#665923: file enumeration vulnerability via mount.cifs due to early use of chdir() and error message
Steve Langasek
vorlon at debian.org
Tue Mar 27 03:29:52 UTC 2012
severity 665923 important
reassign 665923 cifs-utils
thanks
On Tue, Mar 27, 2012 at 04:43:41AM +0200, Nico Golde wrote:
> Hi, it was discovered that mount.cifs is doing a chdir to the specified
> directory before the fstab file is actually checked. Since mount.cifs is
> (also on Debian) installed as setuid, this allows an attacker to use the
> program to enumerate the existence of files/directories on the system by
> checking for the existence of the error response.
> I don't have time to write a patch now or to test that, but a quick look
> at mount.cifs.c suggests that this can be fixed just by changing the order
> of the execution.
How does an information leak about the names of files qualify as a "grave"
bug? This doesn't seem consistent with
<http://www.debian.org/Bugs/Developer#severities> to me.

Also, mount.cifs doesn't come from the samba source anymore; reassigning to
cifs-utils.

Thanks,
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                 vorlon at debian.org
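
The ordering problem described in the quoted report, as an added example that is not part of the original message and is not cifs-utils code: a simplified model of the check order with a regression check that the reordered version answers identically for existing and missing paths. The function names, the `/mnt/share` entry standing in for the fstab lookup, and the sample paths are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { MNT_OK = 0, MNT_DENIED = 1, MNT_NO_DIR = 2 };

/* Hypothetical stand-in for the fstab lookup: only this constructed
   entry may be mounted on by the calling user. */
static bool user_may_mount(const char *dir) {
    return strcmp(dir, "/mnt/share") == 0;
}

/* Order described in the report: chdir() first, permission check second.
   In a setuid-root binary the chdir() runs with root's rights, so the two
   distinct errors tell an unauthorized caller whether dir exists. */
int resolve_chdir_first(const char *dir) {
    if (chdir(dir) != 0)
        return MNT_NO_DIR;
    return user_may_mount(dir) ? MNT_OK : MNT_DENIED;
}

/* Reordered: refuse before the filesystem is touched, so an unauthorized
   caller gets the same answer whether or not dir exists. */
int resolve_check_first(const char *dir) {
    if (!user_may_mount(dir))
        return MNT_DENIED;
    return chdir(dir) == 0 ? MNT_OK : MNT_NO_DIR;
}

/* Regression check: do the answers for an existing and a missing path,
   neither of them permitted to the caller, differ? */
bool leaks_existence(int (*resolve)(const char *),
                     const char *existing, const char *missing) {
    return resolve(existing) != resolve(missing);
}

int main(void) {
    const char *existing = "/";                        /* always present */
    const char *missing = "/constructed-missing-dir";  /* constructed */
    printf("chdir first leaks: %d\n",
           leaks_existence(resolve_chdir_first, existing, missing));
    printf("check first leaks: %d\n",
           leaks_existence(resolve_check_first, existing, missing));
    return 0;
}
```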