CVE-2022-27239

Опубликовано: 27 апр. 2022

Источник: redhat

CVSS3: 7

Описание

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges.

Отчет

The mount.cifs binary file is shipped without setuid privileges as default which prevents an attacker to gain root privileges hence lowering the flaw impact.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	cifs-utils	Out of support scope
Red Hat Enterprise Linux 7	cifs-utils	Will not fix
Red Hat Enterprise Linux 9	cifs-utils	Will not fix
Red Hat Enterprise Linux 8	cifs-utils	Fixed	RHBA-2023:3052	16.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2081040cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root

7 High

CVSS3

Связанные уязвимости

CVE-2022-27239

CVSS3: 7.8

ubuntu

почти 4 года назад

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-27239

CVSS3: 7.8

nvd

почти 4 года назад

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.