Scientific Linux Security Update : cifs-utils on SL6.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The cifs-utils package contains tools for mounting and managing shares
on Linux using the SMB/CIFS protocol. The CIFS shares can be used as
standard Linux file systems.

A file existence disclosure flaw was found in mount.cifs. If the tool
was installed with the setuid bit set, a local attacker could use this
flaw to determine the existence of files or directories in directories
not accessible to the attacker. (CVE-2012-1586)

Note: mount.cifs from the cifs-utils package distributed by Scientific
Linux does not have the setuid bit set. We recommend that
administrators do not manually set the setuid bit for mount.cifs.

This update also fixes the following bugs :

- The cifs.mount(8) manual page was previously missing
documentation for several mount options. With this
update, the missing entries have been added to the
manual page.

- Previously, the mount.cifs utility did not properly
update the '/etc/mtab' system information file when
remounting an existing CIFS mount. Consequently,
mount.cifs created a duplicate entry of the existing
mount entry. This update adds the del_mtab() function to
cifs.mount, which ensures that the old mount entry is
removed from '/etc/mtab' before adding the updated mount
entry.

- The mount.cifs utility did not properly convert user and
group names to numeric UIDs and GIDs. Therefore, when
the 'uid', 'gid' or 'cruid' mount options were specified
with user or group names, CIFS shares were mounted with
default values. This caused shares to be inaccessible to
the intended users because UID and GID is set to '0' by
default. With this update, user and group names are
properly converted so that CIFS shares are now mounted
with specified user and group ownership as expected.

- The cifs.upcall utility did not respect the
'domain_realm' section in the 'krb5.conf' file and
worked only with the default domain. Consequently, an
attempt to mount a CIFS share from a different than the
default domain failed with the following error message :

mount error(126): Required key not available

This update modifies the underlying code so that cifs.upcall handles
multiple Kerberos domains correctly and CIFS shares can now be mounted
as expected in a multi-domain environment.

In addition, this update adds the following enhancements :

- The cifs.upcall utility previously always used the
'/etc/krb5.conf' file regardless of whether the user had
specified a custom Kerberos configuration file. This
update adds the '--krb5conf' option to cifs.upcall
allowing the administrator to specify an alternate
krb5.conf file. For more information on this option,
refer to the cifs.upcall(8) manual page.

- The cifs.upcall utility did not optimally determine the
correct service principal name (SPN) used for Kerberos
authentication, which occasionally caused krb5
authentication to fail when mounting a server's
unqualified domain name. This update improves
cifs.upcall so that the method used to determine the SPN
is now more versatile.

- This update adds the 'backupuid' and 'backupgid' mount
options to the mount.cifs utility. When specified, these
options grant a user or a group the right to access
files with the backup intent. For more information on
these options, refer to the mount.cifs(8) manual page.

All users of cifs-utils are advised to upgrade to this updated
package, which contains backported patches to fix these issues and add
these enhancements.

See also :

http://www.nessus.org/u?d9d50961

Solution :

Update the affected cifs-utils and / or cifs-utils-debuginfo packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61338 ()

Bugtraq ID:

CVE ID: CVE-2012-1586