Local File Enumeration Vulnerability in cifs-utils by SUSE
CVE-2012-1586

Currently unrated

Key Information:

Vendor: Debian
Status: Cifs-utils
Vendor: CVE Published:; 27 August 2012

Summary

The cifs-utils package version 2.6 is vulnerable to a local file enumeration issue. Local users can exploit this vulnerability by supplying a file path in the second argument of the mount.cifs command. The response triggers an error message that inadvertently reveals the existence of specified files or directories. This can lead to information disclosure, as attackers may gain insights into the structure and contents of the file system.

References

http://lists.opensuse.org/opensuse-security-announce/2012...

vendor-advisoryx_refsource_SUSE

http://www.openwall.com/lists/oss-security/2012/03/27/6

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/03/27/1

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 27, 2012
Vulnerability Reserved
Mar 12, 2012