Ubuntu Patches Critical cifs-utils Privilege Escalation Flaw
A recently patched vulnerability in Ubuntu's cifs-utils could allow local attackers to gain root access. A subsequent regression in the fix complicates remediation.
TL;DR
- Ubuntu released USN-8496-1 addressing a privilege escalation flaw in cifs-utils.
- The initial fix caused a regression affecting Kerberos mounts, prompting a temporary rollback.
- Exploitation could allow local users to execute code as root.
- Users should monitor for an updated patch resolving both issues.
- Organizations using cifs-utils should review their exposure and update accordingly.
Ubuntu has disclosed a critical local privilege escalation vulnerability in its cifs-utils package. If exploited, the issue could allow a local attacker to execute arbitrary code with root privileges. An initial security update aimed at fixing the problem introduced a regression impacting Kerberos-based network mounts, leading to a temporary rollback of the changes.
This creates a window where systems remain exposed to the original vulnerability while a comprehensive fix is developed. Organizations relying on cifs-utils for file system integration should closely monitor updates and evaluate mitigation strategies until a stable patch is released.
Vulnerability Details
- The flaw resides in how cifs-utils handles privilege dropping during user information lookup.
- A local attacker could exploit this behavior to escalate privileges and execute code as root.
- The vulnerability affects systems using the Common Internet File System (CIFS) utilities on Ubuntu.
Patch Complications
- USN-8496-1 was issued to resolve the privilege escalation issue.
- The patch inadvertently broke Kerberos authentication for CIFS mounts, prompting a regression in USN-8496-2.
- Canonical has reverted the original fix while working on a complete solution.
- Systems remain vulnerable until a new, stable patch is released.
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.