SUSE update for cifs-utils

1) Stack-based buffer overflow

EUVDB-ID: #VU63956

Risk: Low

CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2022-27239

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when parsing the "mount.cifs ip=" command-line argument. A local user can pass specially crafted data to the command, trigger a stack-based buffer overflow and execute arbitrary code with root privileges.

Mitigation

Update the affected package cifs-utils to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Realtime Extension: 15-SP2

SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP3-LTSS

SUSE Enterprise Storage: 6 - 7.1

SUSE Linux Enterprise Micro: 5.2

SUSE Manager Server: 4.1 - 4.2

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1 - 4.2

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP2

SUSE Linux Enterprise Desktop: 15-SP3

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.3

SUSE Linux Enterprise Server for SAP Applications: 15-SP3

SUSE Linux Enterprise Module for Basesystem: 15-SP3

pam_cifscreds-debuginfo: before 6.9-150100.5.15.1

pam_cifscreds: before 6.9-150100.5.15.1

cifs-utils-devel: before 6.9-150100.5.15.1

cifs-utils-debugsource: before 6.9-150100.5.15.1

cifs-utils-debuginfo: before 6.9-150100.5.15.1

cifs-utils: before 6.9-150100.5.15.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_realtime_extension:15-SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP2-BCL:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP2-ESPOS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_desktop:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_module_for_basesystem:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:pam_cifscreds-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam_cifscreds:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:cifs-utils-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:cifs-utils-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:cifs-utils-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:cifs-utils:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20221430-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.