Headline
Ubuntu Security Notice USN-5459-1
Ubuntu Security Notice 5459-1 - Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
==========================================================================
Ubuntu Security Notice USN-5459-1
June 02, 2022
cifs-utils vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in cifs-utils.
Software Description:
- cifs-utils: Common Internet File System utilities
Details:
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-29869)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
cifs-utils 2:6.14-1ubuntu0.1
Ubuntu 21.10:
cifs-utils 2:6.11-3.1ubuntu0.1
Ubuntu 20.04 LTS:
cifs-utils 2:6.9-1ubuntu0.2
Ubuntu 18.04 LTS:
cifs-utils 2:6.8-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5459-1
CVE-2020-14342, CVE-2021-20208, CVE-2022-27239, CVE-2022-29869
Package Information:
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.14-1ubuntu0.1
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.11-3.1ubuntu0.1
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.9-1ubuntu0.2
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.8-1ubuntu1.2
Related news
Gentoo Linux Security Advisory 202311-5 - Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation. Versions greater than or equal to 6.15 are affected.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.