Hi,
* Steve Langasek <vor...@debian.org> [2012-03-27 05:33]:
> On Tue, Mar 27, 2012 at 04:43:41AM +0200, Nico Golde wrote:
> > Hi, it was discovered that mount.cifs is doing a chdir to the specified
> > directory before the fstab file is actually checked. Since mount.cifs is
> > (also on Debian) installed as setuid, this allows an attacker to use the
> > program to enumerate the existence of files/directories on the system by
> > checking for the existence of the error response.
> >
> > I don't have time to write a patch now or to test that, but a quick look
> > at mount.cifs.c suggests that this can be fixed just by changing the order
> > of the execution.
>
> How does an information leak about the names of files qualify as a "grave"
> bug? This doesn't seem consistent with
> <http://www.debian.org/Bugs/Developer#severities> to me.

Well it depends on your definition of access to accounts of users. Anyway, I
don't have any deep feelings about this, so no need to discuss this further.

> Also, mount.cifs doesn't come from the samba source anymore; reassigning to
> cifs-utils.

I noticed that right after filing the bug and reassigned it already myself.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.