[Pkg-samba-maint] Bug#665923: Bug#665923: file enumeration vulnerability via mount.cifs due to early use of chdir() and error message

Luk Claes luk at debian.org
Wed Mar 28 06:22:15 UTC 2012


On 03/27/2012 04:43 AM, Nico Golde wrote:

> Hi,

Hi Nico

> it was discovered that mount.cifs is doing a chdir to the specified directory 
> before the fstab file is actually checked. Since mount.cifs is (also on 
> Debian) installed as setuid, this allows an attacker to use the program to 
> enumerate the existence of files/directories on the system by checking for the 
> existence of the error response.
> 
> I don't have time to write a patch now or to test that, but a quick look at 
> mount.cifs.c suggests that this can be fixed just by changing the order of the 
> execution.

It's not that easy, as that would mean that another security issue gets
reintroduced.

Upstream is looking at it now and very probably they will just make sure
that the error responses are all the same.

Cheers

Luk
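
The two error-handling patterns discussed in this thread, side by side, as an added example: this is not part of the original messages and is not mount.cifs code. The function names, message strings and /tmp paths are hypothetical and constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Leaky pattern: the failure text carries errno, so the caller learns
 * whether the path is absent, not a directory, or not accessible. */
static void enter_dir_leaky(const char *path, char *msg, size_t len)
{
    if (chdir(path) == 0)
        snprintf(msg, len, "ok");
    else
        snprintf(msg, len, "chdir failed: %s", strerror(errno));
}

/* Uniform pattern: one fixed message for every failure cause. */
static void enter_dir_uniform(const char *path, char *msg, size_t len)
{
    if (chdir(path) == 0)
        snprintf(msg, len, "ok");
    else
        snprintf(msg, len, "mount error: invalid mount point");
}

/* Compare the messages for an existing non-directory (ENOTDIR) and a missing
 * path (ENOENT). Returns 1 if they differ, 0 if identical, -1 on setup error. */
int messages_differ(int uniform)
{
    void (*enter)(const char *, char *, size_t) =
        uniform ? enter_dir_uniform : enter_dir_leaky;
    char file[64], missing[80], a[128], b[128];
    /* Constructed sample paths; O_EXCL refuses a pre-existing name. */
    snprintf(file, sizeof file, "/tmp/chdir-demo-%ld", (long)getpid());
    snprintf(missing, sizeof missing, "%s.absent", file);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    enter(file, a, sizeof a);
    enter(missing, b, sizeof b);
    unlink(file);
    return strcmp(a, b) != 0;
}

int main(void)
{
    printf("errno-based: %d, uniform: %d\n", messages_differ(0), messages_differ(1));
    return 0;
}
```

The uniform variant removes only the difference in message text; a review of a setuid helper would also compare exit codes across the same failure cases.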
