Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 743211 (CVE-2020-14342) - <net-fs/cifs-utils-6.11: Shell injection via mount options (CVE-2020-14342)
Summary: <net-fs/cifs-utils-6.11: Shell injection via mount options (CVE-2020-14342)
Status: RESOLVED FIXED
Alias: CVE-2020-14342
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.samba.org/archive/samba...
Whiteboard: C1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-18 04:07 UTC by John Helmert III (ajak)
Modified: 2020-09-29 18:12 UTC (History)
1 user (show)

See Also:
Package list:
net-fs/cifs-utils-6.11
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-09-18 04:07:56 UTC
From $URL:

A bug has been reported recently for the mount.cifs utility which is
part of the cifs-utils package. The tool has a shell injection issue
where one can embed shell commands via the username mount option. Those
commands will be run via popen() in the context of the user calling
mount.

The bug requires cifs-utils to be built with --with-systemd (enabled
by default if supported).



Bug is fixed in 6.11 so a bump may be useful but patches are available for most (if not all) affected versions.
Comment 1 Larry the Git Cow gentoo-dev 2020-09-18 06:09:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bbef22015f3243fc012becd396e145981eb6c05

commit 6bbef22015f3243fc012becd396e145981eb6c05
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-09-18 06:09:20 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-09-18 06:09:29 +0000

    net-fs/cifs-utils: Security bump to version 6.11
    
    Bug: https://bugs.gentoo.org/743211
    Package-Manager: Portage-3.0.7, Repoman-3.0.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/cifs-utils/Manifest               |   1 +
 net-fs/cifs-utils/cifs-utils-6.11.ebuild | 126 +++++++++++++++++++++++++++++++
 2 files changed, 127 insertions(+)
Comment 2 Sam James archtester gentoo-dev Security 2020-09-18 12:36:41 UTC
Thank you!
Comment 3 Sam James archtester gentoo-dev Security 2020-09-18 23:30:02 UTC
arm64 done
Comment 4 Sam James archtester gentoo-dev Security 2020-09-19 02:14:20 UTC
arm done
Comment 5 Sam James archtester gentoo-dev Security 2020-09-19 22:05:45 UTC
amd64 done
Comment 6 Sergei Trofimovich gentoo-dev 2020-09-20 08:52:23 UTC
ppc stable
Comment 7 Thomas Deutschmann gentoo-dev Security 2020-09-20 16:28:52 UTC
x86 stable
Comment 8 Rolf Eike Beer 2020-09-21 18:39:42 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-09-23 10:29:48 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Comment 10 Larry the Git Cow gentoo-dev 2020-09-28 07:26:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ad1ab37dc2746bb2a0dd1e46ed1f9132879d93e

commit 1ad1ab37dc2746bb2a0dd1e46ed1f9132879d93e
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-09-28 07:26:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-09-28 07:26:03 +0000

    net-fs/cifs-utils: Security cleanup
    
    Bug: https://bugs.gentoo.org/743211
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/cifs-utils/Manifest                  |   2 -
 net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild | 124 ----------------------------
 net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild  | 119 --------------------------
 3 files changed, 245 deletions(-)
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2020-09-29 18:12:58 UTC
This issue was resolved and addressed in
 GLSA 202009-16 at https://security.gentoo.org/glsa/202009-16
by GLSA coordinator Sam James (sam_c).