From the upstream bug at $URL: The mount.cifs binary, which is setuid by default in most Linux distributions, performs a privileged chdir() to the supplied directory before the fstab check. The user can then deduce from the response whether it is an existing file or a directory. This is setuid root, so any user can identify /root/ files & directories.
$ /sbin/mount.cifs //127.0.0.1/a /root/secret_directory/secret_file
Even though Gentoo's cifs-utils is not installed setuid, I'll wait for the upstream bug to be fixed before giving the "ok".
Fixed in cifs-utils-5.4. All vulnerable versions are gone from tree. @security: go ahead
Thanks, Victor. Unless I am mistaken--always a possibility-- cifs-utils has never been stable. Rerating as ~4 and resolving as fixed.
CVE-2012-1586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1586): mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
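The ordering problem described in this report (a privileged chdir() whose error is reported back to the caller), sketched as an added example that is not taken from the bug report or from the cifs-utils source: a setuid helper enters the mount point with the invoking user's credentials and collapses every failure into one result. The function name enter_mountpoint_as_caller is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not cifs-utils code): chdir() into the mount point
 * using the caller's real uid/gid, so a setuid-root binary learns nothing
 * the invoking user could not learn with an ordinary chdir().
 * Returns 0 on success, -1 on any failure. */
int enter_mountpoint_as_caller(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int rc;

    /* Drop the group first: once the effective uid is no longer root,
     * setegid() would not be permitted. Fail closed on error. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;

    rc = chdir(path);

    /* Regain privilege in reverse order for the later mount(2) call.
     * If that fails the process state is unknown, so stop. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        _exit(1);

    /* ENOENT, ENOTDIR and EACCES all map to the same value, so the
     * caller has no errno to turn into a distinguishing message. */
    return rc == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <mountpoint>\n", argv[0]);
        return 2;
    }
    if (enter_mountpoint_as_caller(argv[1]) != 0) {
        /* One generic message for every failure mode. */
        fputs("cannot use the requested mount point\n", stderr);
        return 1;
    }
    puts("mount point accepted");
    return 0;
}
```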