search for: 4e264031d0da7d3f2

...5 If the user is allowed to run mount.cifs via sudo, he can obtain a root shell. sudo mount.cifs -o username='`sh`' //1 /mnt If mount.cifs has the setuid bit, the command will still be run as the calling user (no privilege escalation). The bug was introduced in June 2012 with commit 4e264031d0da7d3f2 ("mount.cifs: Use systemd's mechanism for getting password, if present."). Affected versions: cifs-utils-5.6 cifs-utils-5.7 cifs-utils-5.8 cifs-utils-5.9 cifs-utils-6.0 cifs-utils-6.1 cifs-utils-6.2 cifs-utils-6.3 cifs-utils-6.4 cifs-utils-6.5 cifs-utils-6.6 c...