Red Hat Security Advisory: cifs-utils security, bug fix, and enhancement update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:0902 Final 4 4 2012-06-20T08:36:00Z Current version 2012-06-20T08:36:00Z 2012-06-20T08:36:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-06-20T09:00:40Z An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586) Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. This update also fixes the following bugs: * The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. (BZ#769923) * Previously, the mount.cifs utility did not properly update the "/etc/mtab" system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from "/etc/mtab" before adding the updated mount entry. (BZ#770004) * The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the "uid", "gid" or "cruid" mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to "0" by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. (BZ#796463) * The cifs.upcall utility did not respect the "domain_realm" section in the "krb5.conf" file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message: mount error(126): Required key not available This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. (BZ#805490) In addition, this update adds the following enhancements: * The cifs.upcall utility previously always used the "/etc/krb5.conf" file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the "--krb5conf" option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. (BZ#748756) * The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. (BZ#748757) * This update adds the "backupuid" and "backupgid" mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. (BZ#806337) All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Low https://rhn.redhat.com/errata/RHSA-2012-0902.html https://rhn.redhat.com/errata/RHSA-2012-0902.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/updates/classification/#low https://bugzilla.redhat.com/show_bug.cgi?id=748756 https://bugzilla.redhat.com/show_bug.cgi?id=748756 https://bugzilla.redhat.com/show_bug.cgi?id=748757 https://bugzilla.redhat.com/show_bug.cgi?id=748757 Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server (v. 6) cifs-utils-4.8.1-10.el6.src.rpm cifs-utils-4.8.1-10.el6 as a component of Red Hat Enterprise Linux Workstation (v. 6) cifs-utils-4.8.1-10.el6 as a component of Red Hat Enterprise Linux HPC Node (v. 6) cifs-utils-4.8.1-10.el6 as a component of Red Hat Enterprise Linux Desktop (v. 6) cifs-utils-4.8.1-10.el6 as a component of Red Hat Enterprise Linux Server (v. 6) A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. 2012-03-27T00:00:00Z 2012-03-21T00:00:00Z CVE-2012-1586 6Client:cifs-utils-4.8.1-10.el6 6ComputeNode:cifs-utils-4.8.1-10.el6 6Server:cifs-utils-4.8.1-10.el6 6Workstation:cifs-utils-4.8.1-10.el6 Low 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-0902.html https://www.redhat.com/security/data/cve/CVE-2012-1586.html CVE-2012-1586 https://bugzilla.redhat.com/show_bug.cgi?id=807252 bz#807252: CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability