'[oss-security] CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter
From:       Marcus Meissner <meissner () suse ! de>
Date:       2022-04-27 7:45:54
Message-ID: 20220427074550.GL28706 () suse ! de
[Download RAW message or body]

Hi,

A buffer overflow in mounts.cifs commandline parameter ip= handling
was just fixed/published.

CVE-2022-27239

https://bugzilla.suse.com/show_bug.cgi?id=1197216
https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765

(mounts.cifs is usually setuid-root)

This was reported by Jeffrey Bencteux <jbe@improsec.com> to samba security.

Both -fstack-protector and -D_FORTIFY_SOURCE=2 overflow protections are catching it.

Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic