CVE-2012-1586

LOW

Description

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00024.html

http://www.openwall.com/lists/oss-security/2012/03/27/1

http://www.openwall.com/lists/oss-security/2012/03/27/6

https://bugzilla.samba.org/show_bug.cgi?id=8821

Details

Source: MITRE

Published: 2012-08-27

Updated: 2012-08-28

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW