Vulnerability CVE-2022-27239: Information

Description

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-27239
Published: April 27, 2022
Modified: Nov. 21, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
cifs-utilssisyphus6.15-alt17.1-alt2ALT-PU-2022-2522-1306005Fixed
cifs-utilssisyphus_e2k6.15-alt17.1-alt2ALT-PU-2022-5942-1-Fixed
cifs-utilssisyphus_riscv646.15-alt17.1-alt2ALT-PU-2022-5891-1-Fixed
cifs-utilsp106.15-alt17.1-alt1ALT-PU-2022-2576-1306006Fixed
cifs-utilsp10_e2k6.15-alt17.1-alt1ALT-PU-2022-6096-1-Fixed
cifs-utilsc10f26.15-alt16.15-alt1ALT-PU-2022-2576-1306006Fixed
cifs-utilsc9f26.15-alt16.15-alt1ALT-PU-2022-2563-1306007Fixed
cifs-utilsp116.15-alt17.1-alt2ALT-PU-2022-2522-1306005Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
  • Third Party Advisory
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
  • Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=15025
  • Issue Tracking
  • Permissions Required
  • Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=15025
  • Issue Tracking
  • Permissions Required
  • Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1197216
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1197216
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
  • Patch
  • Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
  • Patch
  • Third Party Advisory
[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update
  • Mailing List
  • Third Party Advisory
FEDORA-2022-34de4f833d
    FEDORA-2022-34de4f833d
      FEDORA-2022-7fda04ab5a
        FEDORA-2022-7fda04ab5a
          FEDORA-2022-eb2d3ca94d
            FEDORA-2022-eb2d3ca94d
              GLSA-202311-05
                GLSA-202311-05
                  DSA-5157
                  • Third Party Advisory
                  DSA-5157
                  • Third Party Advisory

                    1. Configuration 1

                      cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*
                      End excluding
                      6.15

                      Configuration 2

                      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
                      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
                      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

                      Configuration 3

                      cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
                      cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*
                      cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*
                      cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
                      cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*
                      cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*
                      cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*
                      cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*
                      cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*
                      cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*
                      cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*
                      cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*
                      cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*

                      Configuration 4

                      cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*

                      Configuration 5

                      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
                      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
                      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v25.2.1
                  Back to top