CVE-2012-1586 – mount.cifs - 'chdir()' Arbitrary Root File Identification

https://notcve.org/view.php?id=CVE-2012-1586

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. mount.cifs en cifs-utils v2.6 permite a los usuarios locales determinar la existencia de ficheros o directorios arbitrarios a través de la ruta del archivo en el segundo argumento, que revela la existencia de un mensaje de error. • https://www.exploit-db.com/exploits/18783 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html http://www.openwall.com/lists/oss-security/2012/03/27/1 http://www.openwall.com/lists/oss-security/2012/03/27/6 https://bugzilla.samba.org/show_bug.cgi?id=8821 https://access.redhat.com/security/cve/CVE-2012-1586 https://bugzilla.redhat.com/show_bug.cgi?id=807252 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •