MDVSA-2012:069
- Package name
- cifs-utils
- Date
- 2012-05-04
- Advisory ID
- MDVSA-2012:069
- Affected versions
- 2011 i586 , 2011 x86_64 , 2010.1 i586 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in cifs-utils:
A file existence dislosure flaw was found in the way mount.cifs tool
of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS
(Common Internet File System) filesystem. A local user, able to
mount a remote CIFS share / target to a local directory could use
this flaw to confirm (non) existence of a file system object (file,
directory or process descriptor) via error messages generated during
the mount.cifs tool run (CVE-2012-1586).
The updated packages have been patched to correct this issue.
Updated packages
2011 i586
f1d534a2ee05113cf6cac6a30e4046e2 2011/i586/cifs-utils-4.9-1.2-mdv2011.0.i586.rpm f5c019446c94a5f0476d6a4a8bdd19d8 2011/SRPMS/cifs-utils-4.9-1.2.src.rpm
2011 x86_64
ab6001dd7d5007ab83635a96f3e5ed40 2011/x86_64/cifs-utils-4.9-1.2-mdv2011.0.x86_64.rpm f5c019446c94a5f0476d6a4a8bdd19d8 2011/SRPMS/cifs-utils-4.9-1.2.src.rpm
2010.1 i586
0b125635841123c39aa915e9708a8419 2010.1/i586/cifs-utils-4.8.1-0.2mdv2010.2.i586.rpm 2822bca1b75fc1eea5360f2c3d8d9bd6 2010.1/SRPMS/cifs-utils-4.8.1-0.2mdv2010.2.src.rpm
2010.1 x86_64
052307fac1232b872f007ddeb5355af0 2010.1/x86_64/cifs-utils-4.8.1-0.2mdv2010.2.x86_64.rpm 2822bca1b75fc1eea5360f2c3d8d9bd6 2010.1/SRPMS/cifs-utils-4.8.1-0.2mdv2010.2.src.rpm