Cifs Utils Samba Cifs Utils

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Samba Cifs Utils.

By the Year

In 2024 there have been 0 vulnerabilities in Samba Cifs Utils . Cifs Utils did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 2 6.55
2021 1 6.10
2020 1 7.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Cifs Utils vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samba Cifs Utils Security Vulnerabilities

cifs-utils through 6.14, with verbose logging

CVE-2022-29869 5.3 - Medium - April 28, 2022

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Insertion of Sensitive Information into Log File

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

A flaw was found in cifs-utils in versions before 6.13

CVE-2021-20208 6.1 - Medium - April 19, 2021

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Improper Privilege Management

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password

CVE-2020-14342 7 - High - September 09, 2020

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Leap or by Samba? Click the Watch button to subscribe.

Samba
Vendor

subscribe