CVE-2012-1586

cifs-utils - Exposure of Sensitive Information via Error Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1586. PoCs published by Sha0.

AI-analyzed exploit summary The exploit leverages a vulnerability in mount.cifs (CVE-2012-1586) to perform a privileged chdir() operation, allowing a non-root user to enumerate files and directories as root. The PoC script uses mount.cifs to probe paths and infer file types based on error messages.

Description

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sha0 · textlocallinux
https://www.exploit-db.com/exploits/18783

The exploit leverages a vulnerability in mount.cifs (CVE-2012-1586) to perform a privileged chdir() operation, allowing a non-root user to enumerate files and directories as root. The PoC script uses mount.cifs to probe paths and infer file types based on error messages.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: mount.cifs (versions prior to 5.4)
No auth needed
Prerequisites: mount.cifs must be setuid root · wordlist file for path enumeration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/27/6
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/27/1
Issue Tracking x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=8821

Scores

EPSS 0.0073
EPSS Percentile 49.4%

Details

CWE
CWE-200
Status published
Products (1)
debian/cifs-utils 2.6
Published Aug 27, 2012
Tracked Since Feb 18, 2026