Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1586Sensitive Information Exposure in Cifs-utils

CWE-200Sensitive Information Exposure9 documents8 sources
Severity
2.1LOWNVD
EPSS
0.5%
top 33.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Samba Cifs-utilsDebian Cifs-utils
Timeline
PublishedAug 27
Latest updateMay 17

Description

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

Debiansamba/cifs-utils< 2:5.3-2+3

🔴Vulnerability Details

3
GHSA
GHSA-pm5w-chj8-22cj: mount2022-05-17
CVEList
CVE-2012-1586: mount2012-08-27
OSV
CVE-2012-1586: mount2012-08-27

💥Exploits & PoCs

1
Exploit-DB
mount.cifs - 'chdir()' Arbitrary Root File Identification2012-04-25

📋Vendor Advisories

2
Red Hat
cifs-utils: mount.cifs file existence disclosure vulnerability2012-03-21
Debian
CVE-2012-1586: cifs-utils - mount.cifs in cifs-utils 2.6 allows local users to determine the existence of ar...2012

💬Community

2
Bugzilla
CVE-2012-1586 samba, samba3x, cifs-utils: mount.cifs file existence disclosure vulnerability [fedora-all]2012-04-16
Bugzilla
CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability2012-03-27
CVE-2012-1586 — Sensitive Information Exposure | cvebase