CVE-2022-27239

Published: 27 Apr 2022
Source: redhat
CVSS3: 7
EPSS: Low

Description

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges.

Report

The mount.cifs binary is shipped without setuid privileges by default, which prevents an attacker from gaining root privileges and hence lowers the flaw's impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cifs-utils | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cifs-utils | Will not fix | | |
| Red Hat Enterprise Linux 9 | cifs-utils | Will not fix | | |
| Red Hat Enterprise Linux 8 | cifs-utils | Fixed | RHBA-2023:3052 | 16.05.2023 |

Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2081040 cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root

EPSS

Percentile: 14%
0.00045
Low

7 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 3 years ago

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS3: 7.8
nvd
more than 3 years ago

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS3: 7.8
msrc
more than 3 years ago

No description available

CVSS3: 7.8
debian
more than 3 years ago

In cifs-utils through 6.14, a stack-based buffer overflow when parsing ...

suse-cvrf
more than 3 years ago

Security update for cifs-utils
