Alpine: multiple cifs-utils packages: security update to 5.3-r0 (deprecated)

critical Tenable Cloud Security Plugin ID 401289

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or
directories via the file path in the second argument, which reveals their existence in an error message.
(CVE-2012-1586)

See Also

https://git.alpinelinux.org/aports/commit/?id=168b1d4d53fb306f0ac48f54973601bf7b74e4c9

https://git.alpinelinux.org/aports/commit/?id=c7bcd4a45487c207d6b58c302bc0b29ffab7d94b

Plugin Details

Severity: Critical

ID: 401289

Version: Revision 1.24

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-1586

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2012

Vulnerability Publication Date: 3/21/2012

Reference Information

CVE: CVE-2012-1586

BID: 52742, 53246