Source: cifs-utils Version: 2:7.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for cifs-utils. CVE-2026-12505[0]: | A flaw was found in the cifs-utils package where the cifs.upcall | helper fails to securely drop its root privileges before looking up | user information inside a user-controlled environment. A local, low | privileged attacker can exploit this by using a crafted request_key | payload to trick the root-owned helper into entering a custom | environment (namespace) containing a malicious NSS module. This | forces the system to load the attacker's controlled NSS Module and | configuration, allowing them to execute arbitrary commands as the | root user, elevating their privileges and fully compromising the | system. If I'm not completely wrong this helped to exploit CVE-2026-46243 without the kernel side fix. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-12505 https://www.cve.org/CVERecord?id=CVE-2026-12505 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2489805 [2] https://git.samba.org/?p=cifs-utils.git;a=commit;h=972c5b5ff95e3e812bc8daa72d0383654ab0dba7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
