Main Vulnerability Database Vulnerabilities #VU33118

#VU33118 Information disclosure - CVE-2012-1586

Published: August 28, 2012 / Updated: August 4, 2020

Vulnerability identifier: #VU33118

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2012-1586

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

Remediation

Install update from vendor's website.

External links

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html
http://www.openwall.com/lists/oss-security/2012/03/27/1
http://www.openwall.com/lists/oss-security/2012/03/27/6
https://bugzilla.samba.org/show_bug.cgi?id=8821

#VU33118 Information disclosure - CVE-2012-1586

Description

Remediation

External links

Please verify you're human