Closed
Created Oct 26, 2020 by Emily@emily🤖

user/cifs-utils: CVE-2020-14342: mount.cifs shell injection

Bugzilla ID 361
Alias(es) CVE-2020-14342
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2020-10-26 01:09:41 -0500
Modified 2020-10-30 22:34:53 -0500
Status RESOLVED FIXED
Version 1.0-RC1
Hardware Adélie Linux / All
Importance --- / normal
Package(s) user/cifs-utils
URL https://nvd.nist.gov/vuln/detail/CVE-2020-14342

Description

It was found that cifs-utils' mount.cifs was invoking a shell when
requesting the Samba password, which could be used to inject arbitrary
commands. An attacker able to invoke mount.cifs with special
permission, such as via sudo rules, could use this flaw to escalate
their privileges.

Fixed in >= 6.11 https://lists.samba.org/archive/samba-technical/2020-September/135747.html

Edited Feb 02, 2022 by Zach van Rijn