Headline
CVE-2022-27239: Linux CIFS Utils and Samba - Free Knowledge Base
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Samba was developed by a team by using “network analysis” or “protocol analysis” to create file and print services to Microsoft Windows clients and servers. Samba is free open source software. Samba makes possible interoperability between Linux/Unix servers and Windows-based clients and servers. Samba originally worked with SMB (Server Message Block) to communicate with Windows machines. Today CIFS (Common Internet File System) is used instead. As a footnote, Samba dates back to 1992!
Server Message Block (SMB) protocol, also called the Session Message Block, NetBIOS or LanManager protocol.
Contents
- 1 What are the differences between CIFS and SAMBA?
- 2 The cifs utils Package
- 3 Mounting Windows shares on your Linux system
- 3.1 command line mount
- 3.2 fstab persistent mount
- 3.3 Slightly improved security with credentials=filename
- 3.4 SMB protocol versions
- 3.5 No dialect specified on mount
- 3.6 all mounted files and directories owned by root
- 3.7 gvfs
- 4 Share a Linux drive with Windows over the network
- 5 Samba Command Line Utilities
- 5.1 smbclient
- 6 Accessing Windows Shares: Discussion
- 6.1 Gigolo
- 6.2 GVFS / SMB Paths
- 6.3 AutoFS can be used to replace Gigolo
- 6.4 mount via a shell script
- 7 resources
What are the differences between CIFS and SAMBA?
Today Samba implements the CIFS network protocol to work with changes Microsoft has made in their Windows networking platform. CIFS is the extension of the SMB protocol. The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux.
The original protocol for sharing files, disks, directories, and printers across a network of Microsoft machines was by use of Server Message Block. There are underlying protocols involved with SMB with some examples being: “NetBIOS over NetBEUI” and “NetBIOS over TCP/IP” Samba traditionally required “NetBIOS over TCP/IP” and didn’t support “NetBIOS over NetBEUI.” This is fine as NetBEUI is not Internet routable and is not a currently support protocol, even by Microsoft. WINS is for resolving a NetBIOS name to an IP address, however, modern implementations avoid NetBIOS usage though Internal DNS.
CIFS pretty much takes care of all connectivity on a network for your *nix machines and Microsoft Windows. However, Samba does still support SMB and an example where this is useful may be if sharing with older Windows operating systems still using NetBIOS that will want to connect to the Samba server via port 137, 138, 139. The modern CIFS protocol is strictly port 445. This is ‘smbfs’ versus the modern ‘cifs’ in Linux.
Microsoft is the industry bully, trying to lay claim to protocols and technologies developed by others. Microsoft tried to claim SMB as their own by calling it Microsoft Networking. The company was a force behind the renaming of SMB (Server Message Block) to CIFS (Common Internet File System.)
Irony and Confusion:
Samba is a result of reverse engineering the proprietary SMB protocol created at IBM and adopted by Microsoft. CIFS (Common Internet File Share or System) is an offspring rebranded version of SMB protocol created by Microsoft and although Microsoft proposed it and marketed it as a standard it never made it. Today, truthfully CIFS is not the network storage protocol used by Microsoft Windows, and many other clients. The protocol used to share files over a LAN by the majority of personal computers is called SMB.
Then there is SMB2 which is not CIFS. Microsoft has released details about implementation that enables third party servers and clients. Now in Windows 10 and Windows Server 2016 there is the SMB3 (3.1) protocol.
CIFS is OUT:
The CIFS implementation of SMB is rarely used these days. Most modern storage systems no longer use CIFS, they use SMB 2 or SMB 3. In the Windows world, SMB 2 has been the standard as of Windows Vista (2006) and SMB 3 is part of Windows 8 and Windows Server 2012. Like CIFS, Samba implements the SMB protocol which is what allows Windows clients to transparently access Linux directories. Samba allows for a Linux server to act as a Domain Controller. By doing so, user credentials on the Windows domain can be used instead of needing to be recreated and then manually kept in sync on the Linux server.
The cifs utils Package
The cifs-utils package is available for modern Linux kernels as the protocol is supported directly in the kernel. The cifs-utils package is not part of Samba, although they were originally included with it. Today you do not need to install Samba to have cifs-utils. Install the cifs-utils package for connectivity to Microsoft Networks. Samba is not deprecated. Samba provides both cifs and smb support, and comes with many additional tools. For basic connectivity to a modern Microsoft Windows Network, Samba is simply no longer necessary.
This documentation is largely Linux centric and cifs-utils is a package for Linux systems. Under distributions such as Debian and Ubuntu you can check to see if you have cifs-utils installed and what version it is by typing the command: (as root or sudo)
apt-cache policy cifs-utils
To install cifs-utils on a modern debian or ubuntu system
apt-get install cifs-utils
To install cifs-utils on an old legacy system
apt-get install smbfs
To install cifs-utils on Redhat / Fedora / CentOS
yum install cifs-utils
Or to install everything, for cifs / smb on RH
yum install samba-client samba-common cifs-utils
Mounting Windows shares on your Linux system
You can mount a share with a console command to make a temporary mount until the next reboot, or you can add an entry into fstab to make a persistent mount.
You have to create an empty directory for the mount point. This should be done in /mnt for all mount points you create.
command line mount
Quick basic examples of command line mounts
mount -t cifs -o username=USERNAME,password=PASSWD //192.168.1.88/shares /mnt/share mount -t cifs //192.168.1.102/share_name /media/my_share -o username=theuser,password=thepass,iocharset=utf8,file_mode=0777,dir_mode=0777
Another example for a modern NAS
sudo mount -t cifs -o user=nicolep,uid=1001 //apollo/documents /mnt/documents
She will be prompted for a password when she executes this command for sudo, and again for the SMB account password for her account nicolep. Also, the uid is set matching her local account in /etc/passwd so that the mounted share does not appear with all files and directories as owner root, thus they would have not been writable to her.
error: mount.cifs: bad UNC (/apollo/documents) <- if you are getting this error make sure you have two forward slashes on the path //apollo
Unmount when done
sudo umount //apollo/nicolep
fstab persistent mount
Quick basic example of a cfis mount entry in fstab to connect to shares on a Windows file server or NAS device. A discussion of windows network share integration for linux points out the flaws in this approach.
There are more than one ways to do this. This example uses cifs to permanently mount the shares so that they will be available after reboot. If the system complains add the ‘noauto’ parameter.
- First edit your /etc/hosts file and add the hostname and IP address of the windows share or file server
- Next create mount points in /mnt for each windows share
- Make sure you have cifs installed
- Edit /etc/fstab and add a line for each windows share, see examples:
//apollo/public/ /mnt/public cifs username=nicolep,password=mythtv,iocharset=utf8,sec=ntlm 0 0 //apollo/media/ /mnt/media cifs username=nicolep,password=mythtv,iocharset=utf8,sec=ntlm 0 0 //apollo/video/ /mnt/video cifs username=nicolep,password=mythtv,iocharset=utf8,sec=ntlm 0 0
- mount the shares
mount -a
- This provides read-only access to the network shares.
KERNEL CHANGE BREAKS CIFS.
Somewhere between kernel 4.10.0-38 4.15.0-20 a change was made that COULD PREVENT your cifs shares from mounting. Kernels at and before 4.10 used SMB (Server Message Block) version 1.0 as the default if not specified. Most folks did not specify it so it defaulted to 1.0 and worked. Microsoft ditched 1.0 in Windows 10 and dropped support. Linux kernel developers decided to change the kernel code to no longer default to SMB 1.0 and now default to a newer version. For people that are using legacy networks or NAS devices, it breaks the mounting example from above.
Solution: Specify the SMB version.
The solution is to tell mount.cifs to use the SMB2, SMB2.1 or SMB3.0 protocol using the “vers” parameter. in Linux CIFS Utils and Samba Specify 1.0, 2.0, 2.1, or 3.0.
For the following full line example a linux desktop is connecting to an older NAS device. It is necessary to specify SMB version 1.0. Example:
//apollo/video/ /mnt/video cifs defaults,vers=1.0,domain=workgroup,username=nicolep,password=mythtv,iocharset=utf8,sec=ntlm 0 0
To quickly unmount all your cifs mounts (if the network file server goes down or NAS is offline your system can hang unless you release the mounts)
sudo umount -a -t cifs -l
Slightly improved security with credentials=filename
You can now Substitute your Windows username and password in the fstab command by specifying “credentials.” Then file permissions can be used to restrict read access to the still plain text passwords in the credentials file. using credentials=filename specifies a file that contains a username and/or password. This is preferred over having passwords in plaintext in a shared file, such as /etc/fstab. Be sure to protect any credentials by saving the file (as root) to /root/, and chmod 600.
cd echo username=mywindowsusername > /root/.smbpasswd echo password=mywindowspassword >> /root/.smbpasswd chmod 600 /root/.smbpasswd
Then in fstab
credentials=/root/.smbpasswd
An example of the fstab entry:
//apollo/video/ /mnt/video cifs defaults,vers=1.0,domain=workgroup,credentials=/root/.smbpasswd,iocharset=utf8,sec=ntlm 0 0
This is only the basic level of security that standard file ownership and permissions provide. It is not possible to encrypt the username or password. smbclient needs access to the plaintext password in order to mount the share. Although the SMB/CIFS session is typically negotiated without sending the unencrypted password across the network, the client still needs access to the plaintext password in order to properly encrypt it during the authentication phase.
SMB protocol versions
- updated info for 2019
According to the Samba Official Wiki the Linux cifs kernel client has been included in the kernel since kernel version 2.5.42. SMB3 is the now the default dialect (SMB3.02/SMB3/SMB2.1 dialects are requested by default). CIFS protocol (and other old dialects) can be selected (by specifying “vers=1.0” or “vers=2.02” in the mount options. The newest, most secure dialect, SMB3.11 can also be requested (vers=3.1.1). If you want to try current SMB3 support on an older kernel, full backports of all SMB3/CIFS fixes to earlier kernel versions.
SMB versions:
- 1.0 - The classic CIFS/SMBv1 protocol.
- 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
- 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
- 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.
- 3.11 - latest
Specify with “vers=” and consider that the Linux kernel does not fully support all of the features in these new SMB versions.
No dialect specified on mount
When attempting to ‘mount -a’ against your /etc/fstab you see a system generated error
mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Further analysis by looking at kern.log
tail -f /var/log/kern.log
Reveals the following error message
kernel: [86079.045389] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount. kernel: [86079.065167] CIFS VFS: Unable to select appropriate authentication method! kernel: [86079.065176] CIFS VFS: Send error in SessSetup = -22 kernel: [86079.065219] CIFS VFS: cifs_mount failed w/return code = -22
You can always specify a version of SMB
//apollo/video/ /mnt/video cifs defaults,vers=1.0,domain=workgroup,username=nicolep,password=mythtv,iocharset=utf8,sec=ntlm 0 0
In this example it is specified that the oldest version, SMB 1.0, is specified because the file server is old and runs 1.0.
Most NAS devices as of 2020 support SMB 1 through SMB 3.
- SMB 1, SMB 2, SMB 2.1, SMB 3
We can use a more simplified format that avoids certain parameters being incompatible with the kernel’s preferred SMB version.
//apollo/home /mnt/nicolep cifs defaults,domain=workgroup,username=nicolep,password=mythtv,uid=1002
Note that we specified the uid of the user, which is the uid in /etc/passwd. Without specification of the uid the file system will seem “read only” to the user as owner and group on the mount point will be root when the uid is not specified.
Another note: we put the username and password in fstab in an insecure way. An evolution offering slightly better security is available using a so-called credentials file.
all mounted files and directories owned by root
Yes by default all the files and directories will be owned by the uid of the process or by root. You can force it otherwise.
sudo id user_name
If, for example, the user id is 1000 then you can use the following…
uid=1000(user_name) gid=1000(user_name) groups=…
Make the following entry in your /etc/fstab file :
//server_name/share_name /mount_path cifs defaults,uid=1000,gid=1000 0 0
Now when the share is mounted all files and folders will appear as the user with uid 1000. This is fine if you are the only user of the system. On a multiuser system this is problematic as other users will still be denied. Another option is to use dir_mode / file_mode to give everyone access:
dir_mode=0777,file_mode=0666
which will look like:
//server_name/share_name /mount_path cifs defaults,dir_mode=0777,file_mode=0666 0 0
gvfs
GVFS is discussed in Windows network share integration for linux as well as being compared to creating static mounts in fstab.
Gigolo is a popular front-end to easily manage connections to local and remote filesystems using GIO/GVfs. GVfs is a Virtual File System. GVFS is the virtual filesystem for the GNOME desktop, which allows users easy access to remote data such as accessing windows network shares on demand from your linux workstation. A cause of confusion is the fact that the file system abstraction used by the Linux kernel is also called the virtual file system (VFS) layer. The GVfs model differs from GnomeVFS, which it replaces, in that file systems must be mounted before they are used. There is a master daemon (gvfsd) that handles coordinating mounts, and then each mount is (typically) in its own daemon process (although mounts can share daemon process). GVfs comes with a set of back-ends, including trash support, SFTP, FTP, WebDAV, SMB, and local data via Udev integration, OBEX, MTP and others.
GVfs also contains modules for GIO that implement volume monitors and the GNOME URI scheme handler configuration.
The question, “how do I do a share a Linux drive with Windows over the network?” is answered with CIFS/SMB.
You can use Samba Utils (debian/ubuntu)
sudo apt-get install system-config-samba
Or you can manually edit the samba config files
vi /etc/samba/smb.conf
See: Example Mythbuntu SMB Shares
Restart samba after modifying workgroup and shares
service smbd restart service nmbd restart
If an error indicates smbd does not exist then you may need to install samba, even though a config file exists ( /etc/samba/smb.conf ) the samba package can be absent on Ubuntu / Mint.
apt install samba
Samba Command Line Utilities
Command that returns IP addresses of all Samba servers in one’s own broadcast domain:
nmblookup __SAMBA__
Command that returns a list of all NetBIOS names and their aliases of all Samba servers in the neighbourhood (it does a ‘node status query’):
nmblookup -S __SAMBA__
List of all IP adresses of SMB servers (that is, Linux+Unix/Samba or Windows) in the neighbourhood:
nmblookup ‘*’
List all NetBIOS names and their aliases of all SMB servers (Linux+Unix/Samba or Windows):
nmblookup -S ‘*’
For a specific workgroup, get a list of Netbios names
nmblookup -S WORKGROUP
smbclient
To connect to a Windows computer from Unix
smbclient //nicolep/C$ -U username -W workgroup
or
smbclient //nicolep/C -U Administrator -W workgroup
Windows Instant Messaging Pop-Up (like net send in windows)
smbclient -I ip-address -M netbios-name-of-recipient
Accessing Windows Shares: Discussion
What are the various methods you can access these kinds of network shares? As of 2019: most people use the nemo file manager or something like it that can make temporary mounts to network shares. There are disadvantages. Not all file managers do this. Not all software is compatible. The mapping is not persistent.
Lets look at the three ways we can gain access to a shared folder or NAS resource.
- Using the Nemo File Manager a network resource is browsed and a share temporarily mounted: nemo /run/user/$USER/gvfs
- Using the traditional (old fashioned) persistent network mount with mount and fstab
- Using Gigolo to Mount Remote shares.
- Using the mount command in a script (which prompts user for password when executed)
****Gigolo****
RECOMMENDED - As a means to mount NAS and network shares without having to edit fstab or hard coding passwords. More reliable than file manager tools like the one in Nautilus.
Gigolo is a facilitator to access and mount remote shares. It uses the same base samba client packages as other methods. “It mounts what it is told to."
sudo apt-get install gigolo sudo apt-get install gvfs-fuse
When you open up gigolo click on the Network tab on the side panel and it will eventually show you all your workgroups and all the hosts.
The remote share should be displayed in the right panel of gigolo and double clicking the share will open a file manager.
You can Set gigolo to start at login
mkdir /home/user-name/.config/autostart
- Menu > System Tools > System Settings > Startup Programs > Add > Command = gigolo
See more info at: https://forums.linuxmint.com/viewtopic.php?f=42&t=52144
Gigolo is a graphical frontend for the userspace virtual filesystem GIO/GVfs, which handles remote files. Gnome is not required however it requires GTK2 (2.12 or newer), DBus, and GLib (2.16 or newer).
Gigolo doesn’t just handle cifs sharing between a windows network and your linux desktop, it also facilitates other protocol connections or transfers from computer to computer including ssh / scp file copy without having to use the command terminal such as described Remote File Copy from the Linux Command Prompt, imagine doing it all from the GUI?
PROBLEMS - The problem with Gigolo is that it mounts shares using smb paths. Linux application support for smb paths is mostly broken. For this reason we are left with the problem of either exposing our password in the fstab file or using gigolo aka smb paths to access network shares and find a lot of applications can’t reach the files. Gigolo uses gvfs-mount as in ( gvfs-mount smb:// ) which results in unwieldy mount points. You will get a mount point that looks like ) /run/user/your-user-name/gvfs/smb-share:server=host_name,share=share_name ) and there’s not a damn thing you can do about it.
GVFS / SMB Paths
A gigolo mounted path uses the GVFS based SMB share format, like:
* smb://workgroup;[email protected]/share on 92.168.100.110
Boy is that ugly with spaces and special characters. An ugly path like that is just asking for trouble! Programs, such as USB Image Writer (a common utility available with Linux Mint / Ubuntu) will not work with smb paths. Try to read an ISO image from a network share, even after making a symlink to de-ugly the path, and the USB Image Writer application fails.
As explained elsewhere on this page, the traditional way to mount Windows (or Samba) shares involves hardcoding the credentials in fstab as plain text.
AutoFS can be used to replace Gigolo
AutoFS is a utility that allows a user to automatically connect to, mount, and use a samba share when the desired mount point is accessed and disconnects when not in use. It offers some distinct advantages over other methods. Unlike the standard fstab method there is no delay in booting the machine if the target server is not present and because of the way it designed there is no delay if the server goes down before you logoff the client.
See HowTo: Auto Mounting Samba Shares Using AutoFS for details.
The autofs filesystem module is only one part of an autofs system. There also needs to be a user-space program which looks up names and mounts filesystems. This will often be the “automount” program, though other tools including systemd can make use of autofs. Then autofs is a Linux kernel module with provides the autofs ilesystem type. Auto-mounts are mounted only as they are accessed, and are unmounted after a period of inactivity. Because of this, automounting NFS/Samba shares conserves bandwidth and offers better overall performance compared to static mounts via fstab.
- automount is the program used to configure a mount point for autofs. When autofs is started, an automount daemon is spawned for each map.
- Auto-mount or auto-mounting refers to the process of automatically mounting filesystems.
- autofs is the program that controls the operation of the automount daemons.
Install the autofs package either by clicking here or entering the following in a terminal window:
sudo apt install autofs
To configure autofs you will need to edit configuration files. The master configuration file for autofs is /etc/auto.master by default.
When specifying a CIFS share in a map file, specify -fstype=cifs and precede the share location with a colon (:).
mntpoint -fstype=cifs ://example.com/shrname
Example: Mount read-write, specifying a user and group to own the files:
mntpoint -fstype=cifs,rw,uid=myuserid,gid=mygrpid ://example.com/shrname
Example: Mount read-write, specifying a username and password to use to connect to the share:
mntpoint -fstype=cifs,rw,username=myuser,password=mypass ://example.com/shrname
mount via a shell script
A method of using the mount command in a shell script which will prompt the user for passwords. Doing this in a startup script will require some method of timeout as it could hold up system loading final.
Better to have a command to launch script when shares are needed
Based on executing the mount command in this fashion
sudo mount -t cifs -o username=nicolep //servername/public /mnt/public
resources
Ubuntu users may wish to read [https://wiki.ubuntu.com/MountWindowsSharesPermanently MountWindowsSharesPermanently] on the Ubuntu Wiki. It is a guide to how to mount CIFS shares permanently.
- Smbclient notes
- Example of cfis fstab
Related news
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
Updated web-admin-build packages are now available for Red Hat Gluster Storage 3.5 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat AMQ Broker 7.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22965: spring-framework: RCE via Data Binding on JDK 9+
Red Hat OpenShift Container Platform release 3.11.665 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43859: xstream: Injecting highly recursive collections or maps can cause a DoS * CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents * CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents * CVE-2022-25175: wo...
An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 7 and Oracle Linux 7 to Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A security update for convert2rhel is now available for supported conversions of CentOS Linux 8 and Oracle Linux 8 to Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0852: convert2rhel: Red Hat account password passed via command line by code
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1154: vim: use after free in utf_ptr2char
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for gzip is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-2154: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2166: mysql: Server: DML unspecified vulnerability (CPU Apr 2021) * CVE-2021-2372: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-2389: mysql: InnoDB unspecified vulnerability (CPU Jul 2021) * CVE-2021-35604: mysql: InnoDB unspecified vulnerab...
An update for zlib is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution