743211 – (CVE-2020-14342) <net-fs/cifs-utils-6.11: Shell injection via mount options (CVE-2020-14342)

Bug 743211 (CVE-2020-14342) - <net-fs/cifs-utils-6.11: Shell injection via mount options (CVE-2020-14342)

Summary: <net-fs/cifs-utils-6.11: Shell injection via mount options (CVE-2020-14342)

Status:	RESOLVED FIXED

Alias:	CVE-2020-14342

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://lists.samba.org/archive/samba...
Whiteboard:	C1 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-09-18 04:07 UTC by John Helmert III
Modified:	2020-09-29 18:12 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-fs/cifs-utils-6.11
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-09-18 04:07:56 UTC

From $URL:

A bug has been reported recently for the mount.cifs utility which is
part of the cifs-utils package. The tool has a shell injection issue
where one can embed shell commands via the username mount option. Those
commands will be run via popen() in the context of the user calling
mount.

The bug requires cifs-utils to be built with --with-systemd (enabled
by default if supported).



Bug is fixed in 6.11 so a bump may be useful but patches are available for most (if not all) affected versions.

Comment 1 Larry the Git Cow gentoo-dev

2020-09-18 06:09:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bbef22015f3243fc012becd396e145981eb6c05

commit 6bbef22015f3243fc012becd396e145981eb6c05
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-09-18 06:09:20 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-09-18 06:09:29 +0000

    net-fs/cifs-utils: Security bump to version 6.11
    
    Bug: https://bugs.gentoo.org/743211
    Package-Manager: Portage-3.0.7, Repoman-3.0.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/cifs-utils/Manifest               |   1 +
 net-fs/cifs-utils/cifs-utils-6.11.ebuild | 126 +++++++++++++++++++++++++++++++
 2 files changed, 127 insertions(+)

Comment 2 Sam James archtester

2020-09-18 12:36:41 UTC

Thank you!

Comment 3 Sam James archtester

2020-09-18 23:30:02 UTC

arm64 done

Comment 4 Sam James archtester

2020-09-19 02:14:20 UTC

arm done

Comment 5 Sam James archtester

2020-09-19 22:05:45 UTC

amd64 done

Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev

2020-09-20 08:52:23 UTC

ppc stable

Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev

2020-09-20 16:28:52 UTC

x86 stable

Comment 8 Rolf Eike Beer archtester

2020-09-21 18:39:42 UTC

sparc stable

Comment 9 Agostino Sarubbo gentoo-dev

2020-09-23 10:29:48 UTC

ppc64 stable.

Maintainer(s), please cleanup.

Comment 10 Larry the Git Cow gentoo-dev

2020-09-28 07:26:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ad1ab37dc2746bb2a0dd1e46ed1f9132879d93e

commit 1ad1ab37dc2746bb2a0dd1e46ed1f9132879d93e
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-09-28 07:26:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-09-28 07:26:03 +0000

    net-fs/cifs-utils: Security cleanup
    
    Bug: https://bugs.gentoo.org/743211
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/cifs-utils/Manifest                  |   2 -
 net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild | 124 ----------------------------
 net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild  | 119 --------------------------
 3 files changed, 245 deletions(-)

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2020-09-29 18:12:58 UTC

This issue was resolved and addressed in
 GLSA 202009-16 at https://security.gentoo.org/glsa/202009-16
by GLSA coordinator Sam James (sam_c).