Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for cifs-utils by samba

CVE-2020-14342 (GCVE-0-2020-14342)

Vulnerability from cvelistv5

Published

2020-09-09 11:13

Modified

2024-08-04 12:39

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-77

Summary

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

References

URL

Tags

	https://lists.samba.org/archive/samba-technical/2020-September/135747.html	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202009-16	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	samba	cifs-utils	Version: 6.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.samba.org/archive/samba-technical/2020-September/135747.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342"
          },
          {
            "name": "GLSA-202009-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202009-16"
          },
          {
            "name": "openSUSE-SU-2020:1579",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html"
          },
          {
            "name": "FEDORA-2020-ea0b9caac3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/"
          },
          {
            "name": "FEDORA-2020-cfdd73f1b4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cifs-utils",
          "vendor": "samba",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that cifs-utils\u0027 mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-11T02:06:43.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.samba.org/archive/samba-technical/2020-September/135747.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342"
        },
        {
          "name": "GLSA-202009-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202009-16"
        },
        {
          "name": "openSUSE-SU-2020:1579",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html"
        },
        {
          "name": "FEDORA-2020-ea0b9caac3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/"
        },
        {
          "name": "FEDORA-2020-cfdd73f1b4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cifs-utils",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "samba"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that cifs-utils\u0027 mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.4/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.samba.org/archive/samba-technical/2020-September/135747.html",
              "refsource": "MISC",
              "url": "https://lists.samba.org/archive/samba-technical/2020-September/135747.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342"
            },
            {
              "name": "GLSA-202009-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202009-16"
            },
            {
              "name": "openSUSE-SU-2020:1579",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html"
            },
            {
              "name": "FEDORA-2020-ea0b9caac3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/"
            },
            {
              "name": "FEDORA-2020-cfdd73f1b4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14342",
    "datePublished": "2020-09-09T11:13:35.000Z",
    "dateReserved": "2020-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:36.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}