SUSE-SU-2021:1455-1

Published: 30 Apr 2021
Source: suse-cvrf

Description

Security update for cifs-utils

This update for cifs-utils fixes the following security issues:

  • CVE-2021-20208: Fixed a potential Kerberos authentication leak from within a container. (bsc#1183239)
  • CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

  • Fixed a crash on invalid directory mounting: mount.cifs crashed when attempting to change the current working directory into a non-existing directory. (bsc#1152930)

  • Fixed a bug where it was no longer possible to mount a CIFS filesystem after the last maintenance update. (bsc#1184815)

Package list

Image SLES15-Azure-BYOS: cifs-utils-6.9-3.14.1
Image SLES15-EC2-HVM-BYOS: cifs-utils-6.9-3.14.1
Image SLES15-GCE-BYOS: cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure: cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure-BYOS: cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure-LI-BYOS-Production: cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure-VLI-BYOS-Production: cifs-utils-6.9-3.14.1
Image SLES15-SAP-EC2-HVM: cifs-utils-6.9-3.14.1
Image SLES15-SAP-EC2-HVM-BYOS: cifs-utils-6.9-3.14.1
Image SLES15-SAP-GCE: cifs-utils-6.9-3.14.1
Image SLES15-SAP-GCE-BYOS: cifs-utils-6.9-3.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS: cifs-utils-6.9-3.14.1, cifs-utils-devel-6.9-3.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS: cifs-utils-6.9-3.14.1, cifs-utils-devel-6.9-3.14.1
SUSE Linux Enterprise Server 15-LTSS: cifs-utils-6.9-3.14.1, cifs-utils-devel-6.9-3.14.1
SUSE Linux Enterprise Server for SAP Applications 15: cifs-utils-6.9-3.14.1, cifs-utils-devel-6.9-3.14.1

Description (CVE-2020-14342)

It was found that cifs-utils' mount.cifs invoked a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permissions, such as via sudo rules, could use this flaw to escalate their privileges.


Affected products
Image SLES15-Azure-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-EC2-HVM-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-GCE-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure-BYOS:cifs-utils-6.9-3.14.1

Description (CVE-2021-20208)

A flaw was found in cifs-utils in versions before 6.13. A user mounting a krb5 CIFS file system from within a container can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.


Affected products
Image SLES15-Azure-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-EC2-HVM-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-GCE-BYOS:cifs-utils-6.9-3.14.1
Image SLES15-SAP-Azure-BYOS:cifs-utils-6.9-3.14.1
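Both CVEs in this advisory are fixed by the cifs-utils-6.9-3.14.1 build listed above. The following is an added example, not part of the advisory or of cifs-utils, that decides whether an installed package is older than that build using an rpmvercmp-style comparison (so that releases such as 3.9.1 and 3.14.1 order correctly); the rpm output is a constructed sample, and the code assumes epoch 0 and the query format shown in the comment.

```python
import re

# Fixed build named in this advisory: cifs-utils-6.9-3.14.1 (version 6.9, release 3.14.1).
FIXED_VERSION, FIXED_RELEASE = "6.9", "3.14.1"
_SEG = re.compile(r"(\d+|[A-Za-z]+|~)")  # rpm compares digit runs, alpha runs and '~' as segments

def rpmvercmp(a: str, b: str) -> int:
    """librpm-style comparison: numeric segments numerically, alpha lexically, numeric
    beats alpha, '~' sorts before anything (6.13~rc1 < 6.13). Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            return -1 if int(x) < int(y) else 1
        if x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # Equal prefix: more segments means newer, unless the extra part is a '~' pre-release.
    a_longer = len(sa) > len(sb)
    extra = sa[len(sb)] if a_longer else sb[len(sa)]
    return (-1 if a_longer else 1) if extra == "~" else (1 if a_longer else -1)

def parse_nvr(nvr: str) -> tuple:
    """'cifs-utils-devel-6.9-3.11.1' -> (name, version, release); assumes epoch 0, no '.arch'."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_vulnerable(nvr: str) -> bool:
    """True if the package predates the fixed build, i.e. is still affected by
    CVE-2020-14342 / CVE-2021-20208 according to this advisory."""
    _, version, release = parse_nvr(nvr)
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return cmp < 0

# Constructed sample shaped like: rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' cifs-utils cifs-utils-devel
SAMPLE_RPM_OUTPUT = """cifs-utils-6.9-3.14.1
cifs-utils-devel-6.9-3.11.1
cifs-utils-6.9-3.9.1"""

def audit(rpm_output: str) -> dict:
    """Map each NVR to whether it still needs SUSE-SU-2021:1455-1 applied."""
    return {line: is_vulnerable(line) for line in rpm_output.split()}
```

Run `audit()` over the real `rpm -q` output on a host to list which cifs-utils packages still need the update.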
