CVE-2012-1586: Infoleak
First published: Mon Aug 27 2012(Updated: )
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CIFS Utils | =2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1586?
CVE-2012-1586 is classified as a medium severity vulnerability.
How does CVE-2012-1586 affect cifs-utils?
CVE-2012-1586 allows local users to determine the existence of arbitrary files or directories based on error messages produced by mount.cifs.
Which versions of cifs-utils are affected by CVE-2012-1586?
CVE-2012-1586 affects cifs-utils version 2.6.
How do I fix CVE-2012-1586?
To fix CVE-2012-1586, update cifs-utils to a version that is not vulnerable to this issue.
What is the impact of exploiting CVE-2012-1586?
Exploiting CVE-2012-1586 may lead to information disclosure about the file system.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/cifs utils
- version/cifs utils/2.6