oss-sec mailing list archives
CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter
From: Marcus Meissner <meissner () suse de>
Date: Wed, 27 Apr 2022 09:45:54 +0200
Hi, A buffer overflow in mounts.cifs commandline parameter ip= handling was just fixed/published. CVE-2022-27239 https://bugzilla.suse.com/show_bug.cgi?id=1197216 https://github.com/piastry/cifs-utils/pull/7 https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765 (mounts.cifs is usually setuid-root) This was reported by Jeffrey Bencteux <jbe () improsec com> to samba security. Both -fstack-protector and -D_FORTIFY_SOURCE=2 overflow protections are catching it. Ciao, Marcus
Current thread:
- CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter Marcus Meissner (Apr 27)