It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14342 | Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUMRICFXJVCBBOSKZSKT3HFVQM6VPJU3/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBNFSTJOQWVPFZAUJNNMAPY45PW5RTTE/ | |
https://lists.samba.org/archive/samba-technical/2020-September/135747.html | Exploit Mailing List Vendor Advisory |
https://security.gentoo.org/glsa/202009-16 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-09-09T11:13:35
Updated: 2020-11-11T02:06:43
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14342
NVD Information
Status: Modified
Published: 2020-09-09T12:15:11.210
Modified: 2023-11-07T03:17:09.400
Link: CVE-2020-14342