List: oss-security
Subject: [oss-security] CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter
From: Marcus Meissner <meissner () suse ! de>
Date: 2022-04-27 7:45:54
Message-ID: 20220427074550.GL28706 () suse ! de
Hi,
A buffer overflow in mount.cifs commandline parameter ip= handling
was just fixed/published.
CVE-2022-27239
https://bugzilla.suse.com/show_bug.cgi?id=1197216
https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
(mount.cifs is usually setuid-root)
This was reported by Jeffrey Bencteux <jbe@improsec.com> to samba security.
Both -fstack-protector and -D_FORTIFY_SOURCE=2 overflow protections are catching it.
Ciao, Marcus
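
Added example, not part of the original message and not code from cifs-utils: one way to handle an `ip=` option value that is copied into a fixed-size buffer, the bug class announced above, by rejecting oversized values before any copy. `parse_ip_option`, `struct mount_opts` and the `ADDR_BUF_LEN` size are hypothetical names and values chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define ADDR_BUF_LEN 64   /* hypothetical capacity, not taken from cifs-utils */

struct mount_opts {
    char addr[ADDR_BUF_LEN];   /* destination for the ip= value */
};

/*
 * Find "ip=" in a comma-separated option string and copy its value into
 * opts->addr. Returns 0 on success, -1 if ip= is absent or empty, and
 * -2 if the value does not fit (rejected outright, never truncated).
 */
int parse_ip_option(const char *optstr, struct mount_opts *opts)
{
    const char *p = optstr;

    opts->addr[0] = '\0';
    while (p && *p) {
        const char *end = strchr(p, ',');
        size_t toklen = end ? (size_t)(end - p) : strlen(p);

        if (toklen >= 3 && strncmp(p, "ip=", 3) == 0) {
            size_t vlen = toklen - 3;

            if (vlen == 0)
                return -1;
            /* Strict bound: keep one byte for the terminating NUL. */
            if (vlen >= sizeof(opts->addr))
                return -2;
            memcpy(opts->addr, p + 3, vlen);
            opts->addr[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    struct mount_opts o;

    /* Constructed sample input using a documentation address. */
    int rc = parse_ip_option("user=x,ip=192.0.2.10", &o);
    printf("rc=%d addr=%s\n", rc, o.addr);
    return 0;
}
```

Because the length check runs before the copy, an oversized value is refused by the program's own logic instead of relying on the stack protector or `_FORTIFY_SOURCE` to abort a setuid-root process after the write has started.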