Description
A flaw was found in cifs-utils in versions before 6.13. A user, when mounting a krb5 CIFS file system from within a container, can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Statement
This flaw is rated as having Moderate impact because it requires elevated privileges and the attack possibilities are limited: an attacker cannot access the actual credentials cache directly, but might cause an authentication attempt to an SMB server and may succeed in accessing files.
Mitigation
DFS and multiuser mounts can be disabled in the container's SMB mount options, i.e. by adding 'nodfs' and removing 'multiuser' (if present).
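One way to check existing mount definitions against this mitigation, as an added example that is not part of the advisory: it reads fstab-format lines and reports krb5 CIFS mounts that still have 'multiuser' set or lack 'nodfs'. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag krb5 CIFS mounts that still allow DFS or multiuser.
# Input on stdin: fstab-format lines (device, mountpoint, fstype, options, ...).
# Output: one line per finding, "<mountpoint> <reason>".
audit_cifs_mounts() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }                  # skip comments and short lines
    $3 != "cifs" && $3 != "smb3" { next }         # only SMB client mounts
    {
        n = split($4, opts, ",")
        krb5 = 0; nodfs = 0; multiuser = 0
        for (i = 1; i <= n; i++) {
            o = opts[i]
            if (o ~ /^sec=krb5/)       krb5 = 1   # matches krb5 and krb5i
            else if (o == "nodfs")     nodfs = 1
            else if (o == "multiuser") multiuser = 1
        }
        if (!krb5) next                           # advisory concerns krb5 mounts
        if (multiuser) print $2, "multiuser-set"
        if (!nodfs)    print $2, "nodfs-missing"
    }'
}

# Constructed sample input (hypothetical hosts and paths).
sample_mounts() {
    cat <<'EOF'
# constructed sample lines, fstab format
//fs.example.test/share /mnt/a cifs sec=krb5,multiuser,cruid=1000 0 0
//fs.example.test/data /mnt/b cifs sec=krb5i,nodfs,cruid=1000 0 0
//fs.example.test/pub /mnt/c cifs sec=ntlmssp,username=guest 0 0
/dev/sda1 / ext4 defaults 0 1
EOF
}

sample_mounts | audit_cifs_mounts
```

To audit a real system, feed the function the container's own mount definitions, for example `audit_cifs_mounts < /etc/fstab`.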
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cifs-utils | Out of support scope | | |
| Red Hat Enterprise Linux 6 | samba | Not affected | | |
| Red Hat Enterprise Linux 6 | samba4 | Not affected | | |
| Red Hat Enterprise Linux 7 | cifs-utils | Will not fix | | |
| Red Hat Enterprise Linux 7 | samba | Not affected | | |
| Red Hat Enterprise Linux 8 | cifs-utils | Affected | | |
| Red Hat Enterprise Linux 8 | samba | Not affected | | |
| Red Hat Enterprise Linux 9 | cifs-utils | Not affected | | |
| Red Hat Enterprise Linux 9 | samba | Not affected | | |
Additional information
Status:
6.1 Medium
CVSS3