opensuse-su-2024:10334-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
cifs-utils-6.5-1.5 on GA media
Notes
Title of the patch
cifs-utils-6.5-1.5 on GA media
Description of the patch
These are all security issues fixed in the cifs-utils-6.5-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10334
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cifs-utils-6.5-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cifs-utils-6.5-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10334",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10334-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-1886 page",
"url": "https://www.suse.com/security/cve/CVE-2009-1886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-1888 page",
"url": "https://www.suse.com/security/cve/CVE-2009-1888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2813 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2906 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2948 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0547 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0728 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0787 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1586 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1586/"
}
],
"title": "cifs-utils-6.5-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10334-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.aarch64",
"product": {
"name": "cifs-utils-6.5-1.5.aarch64",
"product_id": "cifs-utils-6.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.aarch64",
"product": {
"name": "cifs-utils-devel-6.5-1.5.aarch64",
"product_id": "cifs-utils-devel-6.5-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.aarch64",
"product": {
"name": "pam_cifscreds-6.5-1.5.aarch64",
"product_id": "pam_cifscreds-6.5-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.ppc64le",
"product": {
"name": "cifs-utils-6.5-1.5.ppc64le",
"product_id": "cifs-utils-6.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.ppc64le",
"product": {
"name": "cifs-utils-devel-6.5-1.5.ppc64le",
"product_id": "cifs-utils-devel-6.5-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.ppc64le",
"product": {
"name": "pam_cifscreds-6.5-1.5.ppc64le",
"product_id": "pam_cifscreds-6.5-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.s390x",
"product": {
"name": "cifs-utils-6.5-1.5.s390x",
"product_id": "cifs-utils-6.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.s390x",
"product": {
"name": "cifs-utils-devel-6.5-1.5.s390x",
"product_id": "cifs-utils-devel-6.5-1.5.s390x"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.s390x",
"product": {
"name": "pam_cifscreds-6.5-1.5.s390x",
"product_id": "pam_cifscreds-6.5-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cifs-utils-6.5-1.5.x86_64",
"product": {
"name": "cifs-utils-6.5-1.5.x86_64",
"product_id": "cifs-utils-6.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "cifs-utils-devel-6.5-1.5.x86_64",
"product": {
"name": "cifs-utils-devel-6.5-1.5.x86_64",
"product_id": "cifs-utils-devel-6.5-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cifscreds-6.5-1.5.x86_64",
"product": {
"name": "pam_cifscreds-6.5-1.5.x86_64",
"product_id": "pam_cifscreds-6.5-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64"
},
"product_reference": "cifs-utils-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le"
},
"product_reference": "cifs-utils-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x"
},
"product_reference": "cifs-utils-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64"
},
"product_reference": "cifs-utils-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64"
},
"product_reference": "cifs-utils-devel-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le"
},
"product_reference": "cifs-utils-devel-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x"
},
"product_reference": "cifs-utils-devel-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cifs-utils-devel-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64"
},
"product_reference": "cifs-utils-devel-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64"
},
"product_reference": "pam_cifscreds-6.5-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le"
},
"product_reference": "pam_cifscreds-6.5-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x"
},
"product_reference": "pam_cifscreds-6.5-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cifscreds-6.5-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
},
"product_reference": "pam_cifscreds-6.5-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-1886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-1886"
}
],
"notes": [
{
"category": "general",
"text": "Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-1886",
"url": "https://www.suse.com/security/cve/CVE-2009-1886"
},
{
"category": "external",
"summary": "SUSE Bug 513360 for CVE-2009-1886",
"url": "https://bugzilla.suse.com/513360"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-1886",
"url": "https://bugzilla.suse.com/515479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2009-1886"
},
{
"cve": "CVE-2009-1888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-1888"
}
],
"notes": [
{
"category": "general",
"text": "The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-1888",
"url": "https://www.suse.com/security/cve/CVE-2009-1888"
},
{
"category": "external",
"summary": "SUSE Bug 513360 for CVE-2009-1888",
"url": "https://bugzilla.suse.com/513360"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-1888",
"url": "https://bugzilla.suse.com/515479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-1888"
},
{
"cve": "CVE-2009-2813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2813"
}
],
"notes": [
{
"category": "general",
"text": "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2813",
"url": "https://www.suse.com/security/cve/CVE-2009-2813"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 539517 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/539517"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2813",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-2813"
},
{
"cve": "CVE-2009-2906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2906"
}
],
"notes": [
{
"category": "general",
"text": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2906",
"url": "https://www.suse.com/security/cve/CVE-2009-2906"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2906",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2906",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-2906"
},
{
"cve": "CVE-2009-2948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2948"
}
],
"notes": [
{
"category": "general",
"text": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2948",
"url": "https://www.suse.com/security/cve/CVE-2009-2948"
},
{
"category": "external",
"summary": "SUSE Bug 515479 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/515479"
},
{
"category": "external",
"summary": "SUSE Bug 542150 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/542150"
},
{
"category": "external",
"summary": "SUSE Bug 543115 for CVE-2009-2948",
"url": "https://bugzilla.suse.com/543115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-2948"
},
{
"cve": "CVE-2010-0547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0547"
}
],
"notes": [
{
"category": "general",
"text": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0547",
"url": "https://www.suse.com/security/cve/CVE-2010-0547"
},
{
"category": "external",
"summary": "SUSE Bug 577868 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/577868"
},
{
"category": "external",
"summary": "SUSE Bug 577925 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/577925"
},
{
"category": "external",
"summary": "SUSE Bug 583535 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/583535"
},
{
"category": "external",
"summary": "SUSE Bug 583536 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/583536"
},
{
"category": "external",
"summary": "SUSE Bug 594263 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/594263"
},
{
"category": "external",
"summary": "SUSE Bug 597421 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/597421"
},
{
"category": "external",
"summary": "SUSE Bug 602694 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/602694"
},
{
"category": "external",
"summary": "SUSE Bug 709819 for CVE-2010-0547",
"url": "https://bugzilla.suse.com/709819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-0547"
},
{
"cve": "CVE-2010-0728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0728"
}
],
"notes": [
{
"category": "general",
"text": "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0728",
"url": "https://www.suse.com/security/cve/CVE-2010-0728"
},
{
"category": "external",
"summary": "SUSE Bug 586683 for CVE-2010-0728",
"url": "https://bugzilla.suse.com/586683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2010-0728"
},
{
"cve": "CVE-2010-0787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0787"
}
],
"notes": [
{
"category": "general",
"text": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0787",
"url": "https://www.suse.com/security/cve/CVE-2010-0787"
},
{
"category": "external",
"summary": "SUSE Bug 550002 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/550002"
},
{
"category": "external",
"summary": "SUSE Bug 602694 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/602694"
},
{
"category": "external",
"summary": "SUSE Bug 620680 for CVE-2010-0787",
"url": "https://bugzilla.suse.com/620680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2010-0787"
},
{
"cve": "CVE-2012-1586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1586"
}
],
"notes": [
{
"category": "general",
"text": "mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1586",
"url": "https://www.suse.com/security/cve/CVE-2012-1586"
},
{
"category": "external",
"summary": "SUSE Bug 754443 for CVE-2012-1586",
"url": "https://bugzilla.suse.com/754443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-6.5-1.5.x86_64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.aarch64",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.s390x",
"openSUSE Tumbleweed:cifs-utils-devel-6.5-1.5.x86_64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.aarch64",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.ppc64le",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.s390x",
"openSUSE Tumbleweed:pam_cifscreds-6.5-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-1586"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…