Main Vulnerability Database Vulnerabilities #VU33118

Information disclosure - CVE-2012-1586

Published: August 28, 2012 / Updated: August 4, 2020

Vulnerability identifier: #VU33118

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2012-1586

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

How to mitigate CVE-2012-1586

Install update from vendor's website.

Sources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html
http://www.openwall.com/lists/oss-security/2012/03/27/1
http://www.openwall.com/lists/oss-security/2012/03/27/6
https://bugzilla.samba.org/show_bug.cgi?id=8821

Information disclosure - CVE-2012-1586

Detailed vulnerability description

How to mitigate CVE-2012-1586

Sources

Please verify you're human