oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter

From: Marcus Meissner <meissner () suse de>
Date: Wed, 27 Apr 2022 09:45:54 +0200
Hi,

A buffer overflow in mounts.cifs commandline parameter ip= handling
was just fixed/published.

CVE-2022-27239

https://bugzilla.suse.com/show_bug.cgi?id=1197216
https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765

(mounts.cifs is usually setuid-root)

This was reported by Jeffrey Bencteux <jbe () improsec com> to samba security.

Both -fstack-protector and -D_FORTIFY_SOURCE=2 overflow protections are catching it.

Ciao, Marcus
Previous By Date Next
Previous By Thread Next

Current thread: