Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0170)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0170

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0170)

Resumen: The remote host is missing an update for the 'cifs-utils' package(s) announced via the MGASA-2022-0170 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cifs-utils' package(s) announced via the MGASA-2022-0170 advisory.

Vulnerability Insight:
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the
mount.cifs ip= command-line argument could lead to local attackers gaining
root privileges. (CVE-2022-27239)

cifs-utils through 6.14, with verbose logging, can cause an information
leak when a file contains = (equal sign) characters but is not a valid
credentials file. (CVE-2022-29869)

Affected Software/OS:
'cifs-utils' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-27239
Debian Security Information: DSA-5157 (Google Search)
https://www.debian.org/security/2022/dsa-5157
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
https://security.gentoo.org/glsa/202311-05
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
https://bugzilla.samba.org/show_bug.cgi?id=15025
https://bugzilla.suse.com/show_bug.cgi?id=1197216
https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-29869
https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0170
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0170)
Resumen:	The remote host is missing an update for the 'cifs-utils' package(s) announced via the MGASA-2022-0170 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cifs-utils' package(s) announced via the MGASA-2022-0170 advisory. Vulnerability Insight: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. (CVE-2022-27239) cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. (CVE-2022-29869) Affected Software/OS: 'cifs-utils' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-27239 Debian Security Information: DSA-5157 (Google Search) https://www.debian.org/security/2022/dsa-5157 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/ https://security.gentoo.org/glsa/202311-05 http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba https://bugzilla.samba.org/show_bug.cgi?id=15025 https://bugzilla.suse.com/show_bug.cgi?id=1197216 https://github.com/piastry/cifs-utils/pull/7 https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765 https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2022-29869 https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
Copyright	Copyright (C) 2022 Greenbone AG