CVE-2009-2948: Information disclosure by setuid mount.cifs

===========================================================
== Subject:     Information disclosure by setuid mount.cifs
==
== CVE ID#:     CVE-2009-2948
==
== Versions:    All known versions of Samba
==
== Summary:     When mount.cifs is installed as a setuid program
==		a user can pass it a credential or password path
==		to which he or she does not have access and then
==		use the --verbose option to view the first line
==		of that file.
===========================================================

===========
Description
===========

The mount.cifs program allows a user to pass in the name of
a credentials file or a file containing a password via several
different means. When installed as a setuid program, it does
not check to see whether the user would have had access to
this file prior to gaining root privileges.

Also, when run with the --verbose or -v options, it would
print the value of the password being handed off to the
kernel.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect.  Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==========
Workaround
==========

Clear the setuid bit from mount.cifs. For instance:

    # chmod u-s /sbin/mount.cifs

Note, however, that this will prevent unprivileged users from
mounting CIFS shares.

=======
Credits
=======

Originally reported by Ronald Volgers.

Patches provided by Jeff Layton of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================