CVE-2012-1586
Published 2012-08-27
Priority: P4 / 10 / low / 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 0.73% (49.6th percentile)
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:5.3-2 (bookworm) | cifs-utils 2:5.3-2 (bookworm) |
| debian | cifs-utils | — | — |
| samba | cifs-utils | >= 0 < 2:5.3-2 | 2:5.3-2 |
| samba | cifs-utils | >= 0 < 2:5.3-2 | 2:5.3-2 |
| samba | cifs-utils | >= 0 < 2:5.3-2 | 2:5.3-2 |
| samba | cifs-utils | >= 0 < 2:5.3-2 | 2:5.3-2 |
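CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |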
Red Hat
cifs-utils: mount.cifs file existence disclosure vulnerability
vendor_redhat·2012-03-21·CVSS 2.1
CVE-2012-1586 [LOW] cifs-utils: mount.cifs file existence disclosure vulnerability
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Statement: This issue affects the version of samba/samba3x as shipped with Red Hat Enterprise Linux 5. This issue is not currently planned to be addressed in future updates.
Package: samba (Red Hat Enterprise Linux 5) - Will not fix
Package: samba3x (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2012-1586: cifs-utils - mount.cifs in cifs-utils 2.6 allows local users to determine the existence of ar...
vendor_debian·2012·CVSS 2.1
CVE-2012-1586 [LOW] CVE-2012-1586: cifs-utils - mount.cifs in cifs-utils 2.6 allows local users to determine the existence of ar...
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Scope: local
bookworm: resolved (fixed in 2:5.3-2)
bullseye: resolved (fixed in 2:5.3-2)
forky: resolved (fixed in 2:5.3-2)
sid: resolved (fixed in 2:5.3-2)
trixie: resolved (fixed in 2:5.3-2)
GHSA
GHSA-pm5w-chj8-22cj: mount
ghsa_unreviewed·2022-05-17
CVE-2012-1586 [LOW] CWE-200 GHSA-pm5w-chj8-22cj: mount
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
OSV
CVE-2012-1586: mount
osv·2012-08-27·CVSS 2.1
CVE-2012-1586 [LOW] CVE-2012-1586: mount
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
No detection rules found.
Bugzilla
CVE-2012-1586 samba, samba3x, cifs-utils: mount.cifs file existence disclosure vulnerability [fedora-all]
bugzilla·2012-04-16·CVSS 2.1
CVE-2012-1586 [LOW] CVE-2012-1586 samba, samba3x, cifs-utils: mount.cifs file existence disclosure vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.o
Bugzilla
CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability
bugzilla·2012-03-27·CVSS 2.1
CVE-2012-1586 [LOW] CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability
A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run.
Upstream bug report:
[1] https://bugzilla.samba.org/show_bug.cgi?id=8821
References:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923
CVE request:
[3] http://www.openwall.com/lists/oss-security/2012/03/27/1
Discussion:
It's not clear to me what the proposed remedy is. Sh
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html
http://www.openwall.com/lists/oss-security/2012/03/27/1
http://www.openwall.com/lists/oss-security/2012/03/27/6
https://bugzilla.samba.org/show_bug.cgi?id=8821
Published: 2012-08-27