CVE-2012-1586
mount.cifs - 'chdir()' Arbitrary Root File Identification
Severity Score: 2.1 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-03-12 CVE Reserved
- 2012-04-25 First Exploit
- 2012-05-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923 | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2012/03/27/1 | Mailing List | |
http://www.openwall.com/lists/oss-security/2012/03/27/6 | Mailing List | |
https://bugzilla.samba.org/show_bug.cgi?id=8821 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/18783 | 2012-04-25 | |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html | 2012-08-28 | |
https://access.redhat.com/security/cve/CVE-2012-1586 | 2012-06-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=807252 | 2012-06-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Debian | Cifs-utils | 2.6 | - | Affected |