Wind River Support Network

HomeDefectsLIN8-12875
Fixed

LIN8-12875 : Security Advisory - cifs-utils - CVE-2020-14342

Created: Sep 9, 2020    Updated: Sep 23, 2020
Resolved Date: Sep 21, 2020
Found In Version: 8.0.0.1
Fix Version: 8.0.0.34
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

CREATE(Triage):(User=admin) [CVE-2020-14342|https://nvd.nist.gov/vuln/detail/CVE-2020-14342]

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube