Test ID:	1.3.6.1.4.1.25623.1.0.72047
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:069 (cifs-utils)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cifs-utils announced via advisory MDVSA-2012:069. A vulnerability has been found and corrected in cifs-utils: A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run (CVE-2012-1586). The updated packages have been patched to correct this issue. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:069 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1586 SUSE-SU-2012:0575 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html [oss-security] 20120327 CVE id request: cifs-utils http://www.openwall.com/lists/oss-security/2012/03/27/1 [oss-security] 20120327 Re: CVE id request: cifs-utils http://www.openwall.com/lists/oss-security/2012/03/27/6 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923 https://bugzilla.samba.org/show_bug.cgi?id=8821
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.