CVE-2020-14342

Опубликовано: 09 сент. 2020

Источник: nvd

CVSS3: 4.4

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/
https://lists.samba.org/archive/samba-technical/2020-September/135747.html
Exploit
Mailing List
Vendor Advisory
https://security.gentoo.org/glsa/202009-16
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/
https://lists.samba.org/archive/samba-technical/2020-September/135747.html
Exploit
Mailing List
Vendor Advisory
https://security.gentoo.org/glsa/202009-16
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*

Версия от 5.6 (включая) до 6.10 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00134

Низкий

4.4 Medium

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-77

CWE-78

Связанные уязвимости

CVE-2020-14342

CVSS3: 4.4

ubuntu

больше 5 лет назад

CVE-2020-14342

CVSS3: 7

redhat

больше 5 лет назад

CVE-2020-14342

CVSS3: 7

msrc

больше 5 лет назад

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission such as via sudo rules could use this flaw to escalate their privileges.

CVE-2020-14342

CVSS3: 4.4

debian

больше 5 лет назад

It was found that cifs-utils' mount.cifs was invoking a shell when req ...

openSUSE-SU-2020:1579-1

suse-cvrf

больше 5 лет назад

Security update for cifs-utils

EPSS

Процентиль: 33%

0.00134

Низкий

4.4 Medium

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-77

CWE-78