Vulnerability Name:

CVE-2022-27239 (CCN-225275)

Assigned:2022-04-27
Published:2022-04-27
Updated:2022-10-05
Summary:In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-27239

Source: MISC
Type: Third Party Advisory
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba

Source: MISC
Type: Issue Tracking, Permissions Required, Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=15025

Source: CCN
Type: Bugzilla - Bug 1197216
(CVE-2022-27239) VUL-0: CVE-2022-27239: cifs-utils: buffer overflow in commandline ip= handling

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1197216

Source: XF
Type: UNKNOWN
cifsutils-cve202227239-bo(225275)

Source: CCN
Type: cifs-utils GIT Repository
mount.cifs: two bug fixes #7

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-34de4f833d

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-7fda04ab5a

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-eb2d3ca94d

Source: CCN
Type: oss-sec Mailing List, Wed, 27 Apr 2022 09:45:54 +0200
CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter

Source: DEBIAN
Type: Third Party Advisory
DSA-5157

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-27239

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:cifs-utils:*:*:*:*:*:*:*:* (Version < 6.15)

  • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
  • OR cpe:/a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*
  • OR cpe:/o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*
  • OR cpe:/a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*
  • OR cpe:/o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
  • OR cpe:/a:suse:manager_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*
  • OR cpe:/o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*
  • OR cpe:/a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:caas_platform:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*
  • OR cpe:/o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*
  • OR cpe:/o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*
  • OR cpe:/o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*
  • OR cpe:/o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*
  • OR cpe:/a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_server:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_server:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_proxy:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:suse:manager_proxy:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:hp:helion_openstack:8.0:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7462
    P
    cifs-utils-6.15-150400.3.9.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:93628
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:94469
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:93156
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:93834
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:95263
    P
    Security update for cifs-utils (Important)
    2022-07-13
    oval:org.opensuse.security:def:93316
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:94048
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:3633
    P
    Security update for cifs-utils (Important)
    2022-07-13
    oval:org.opensuse.security:def:93474
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:577
    P
    Security update for cifs-utils (Important)
    2022-07-13
    oval:org.opensuse.security:def:94260
    P
    (Important)
    2022-07-13
    oval:org.opensuse.security:def:125703
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:6021
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:101595
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:119191
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:126869
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:118694
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:864
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:119381
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:127266
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:118884
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:119566
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:5227
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:119076
    P
    Security update for cifs-utils (Important)
    2022-04-27
    oval:org.opensuse.security:def:42371
    P
    Security update for cifs-utils (Important)
    2022-04-27
    BACK
    samba cifs-utils *
    debian debian linux 9.0
    debian debian linux 10.0
    debian debian linux 11.0
    suse linux enterprise server 11 sp4
    suse openstack cloud 8.0
    suse linux enterprise server 15
    suse linux enterprise software development kit 12 sp5
    suse openstack cloud crowbar 8.0
    suse openstack cloud crowbar 9.0
    suse openstack cloud 9.0
    suse linux enterprise server 12 sp3
    suse linux enterprise server 12 sp3
    suse linux enterprise server 11 sp3
    suse manager server 4.1
    suse linux enterprise server 12 sp5
    suse linux enterprise desktop 15 sp3
    suse linux enterprise server 15 sp3
    suse linux enterprise server 15 sp4
    suse linux enterprise desktop 15 sp4
    suse enterprise storage 7.0
    suse caas platform 4.0
    suse enterprise storage 6.0
    suse manager proxy 4.1
    suse linux enterprise server 15 -
    suse linux enterprise server 15 -
    suse linux enterprise server 15 sp1
    suse linux enterprise server 15 sp2
    suse linux enterprise high performance computing 12.0 sp5
    suse linux enterprise high performance computing 15.0 -
    suse linux enterprise high performance computing 15.0 sp1
    suse linux enterprise high performance computing 15.0 sp1
    suse linux enterprise high performance computing 15.0 sp2
    suse linux enterprise high performance computing 15.0 sp2
    suse linux enterprise high performance computing 15.0 sp3
    suse linux enterprise high performance computing 15.0 sp4
    suse linux enterprise server 12 sp4
    suse linux enterprise server 12 sp4
    suse linux enterprise server 12 sp3
    suse linux enterprise real time 15.0 sp2
    suse linux enterprise point of service 11.0 sp3
    suse linux enterprise micro 5.2
    suse linux enterprise micro 5.2
    suse linux enterprise server 12 sp2
    suse linux enterprise server 12 sp3
    suse linux enterprise server 15 sp1
    suse linux enterprise server 15 sp2
    suse linux enterprise server 12 sp4
    suse manager retail branch server 4.2
    suse manager retail branch server 4.1
    suse manager retail branch server 4.3
    suse manager server 4.2
    suse manager server 4.3
    suse manager proxy 4.2
    suse manager proxy 4.3
    suse linux enterprise storage 7.1
    hp helion openstack 8.0
    fedoraproject fedora 34
    fedoraproject fedora 35
    fedoraproject fedora 36