Bug 308067 (CVE-2010-0547)

Summary:	net-fs/mount-cifs: Multiple vulnerabilities (CVE-2010-{0547,0787})
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	jesse, samba
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054
Whiteboard:	B4 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	420895, 427702
Bug Blocks:

Description Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:54:13 UTC

CVE-2010-0547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0547):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
  does not verify that the (1) device name and (2) mountpoint strings
  are composed of valid characters, which allows local users to cause a
  denial of service (mtab corruption) via a crafted string.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:59:37 UTC

CVE-2010-0787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0787):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a,
  3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS
  share on an arbitrary mountpoint, and gain privileges, via a symlink
  attack on the mountpoint directory file.

Comment 2 Víctor Ostorga (RETIRED) gentoo-dev

2011-03-10 19:47:49 UTC

Those versions of samba are no longer in portage. Is it needed to keep this open?

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2011-03-12 17:06:44 UTC

(In reply to comment #2)
> Those versions of samba are no longer in portage. Is it needed to keep this
> open?

Thanks, Victor. We need to decide if this requires a GLSA.

GLSA Vote: no.

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2011-03-14 21:54:28 UTC

Vote: YES.

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev

2011-10-08 22:35:51 UTC

GLSA vote: YES, request filed.

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev

2011-10-08 22:38:33 UTC

For the record: 3.4.6 was the first fixed version and stable.

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2012-06-25 19:10:36 UTC

This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Stefan Behte (craig).

Comment 8 Kevin Bryan 2012-06-27 12:24:31 UTC

(In reply to comment #7)
> This issue was resolved and addressed in
>  GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
> by GLSA coordinator Stefan Behte (craig).

This GLSA lists ">=net-fs/mount-cifs-3.4.6", but the only available versions are: 3.0.25c 3.0.28 3.0.30

With mount-cifs as it's own package, how are the version numbers being tracked against samba?

Comment 9 Tiziano Müller (RETIRED) gentoo-dev

2012-07-24 08:24:39 UTC

reopening. Just p.masked mount-cifs since it's dead upstream and the upgrade-path is to use cifs-utils instead (which contains mount.cifs). So there is no 3.4.6 of mount-cifs.

Comment 10 Tim Sammut (RETIRED) gentoo-dev

2012-08-16 05:47:34 UTC

Indeed. I think GLSA 201206-29 is incorrect. 

@security, updated draft is available. Please review.

Comment 11 Pacho Ramos gentoo-dev

2012-09-16 12:29:32 UTC

dropped

Comment 12 Víctor Ostorga (RETIRED) gentoo-dev

2014-02-01 22:07:51 UTC

@Security team:

Is it still needed to keep this open?
Affected versions are long gone, last activity on this bug was more than 1 year ago

Comment 13 Sergey Popov gentoo-dev

2014-02-02 18:38:20 UTC

Thanks for bringing attention to this and sorry for such enormous delay

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2014-02-02 18:38:26 UTC

This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Sergey Popov (pinkbyte).