ALAS2023-2024-530 --- cifs-utils| ID: oval:org.secpod.oval:def:19500613 | Date: (C)2024-02-29 (M)2024-02-29 |
| Class: PATCH | Family: unix |
A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs
| Platform: |
| Amazon Linux 2023 |
| Product: |
| cifs-utils |
| pam_cifscreds |
