Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386375 (CVE-2011-1678)

Summary: <net-fs/samba-3.5.11: symlink vulnerability (CVE-2011-1678)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: samba
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:53:37 UTC 
CVE-2011-1678 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678):
  smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to
  the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file
  without first checking whether resource limits would interfere, which allows
  local users to trigger corruption of the /etc/mtab file via a process with a
  small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Comment 1 VĂ­ctor Ostorga (RETIRED) gentoo-dev 2011-10-16 14:38:13 UTC 
@security: This affects <=net-fs/samba-3.5.8 . Currently we have 3.5.11 and above.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-16 14:40:45 UTC 
(In reply to comment #1)
> @security: This affects <=net-fs/samba-3.5.8 . Currently we have 3.5.11 and
> above.

Thanks, Victor. GLSA vote: yes (with the other Samba bugs)
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-11-04 23:46:17 UTC 
Vote: yes.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 13:05:36 UTC 
This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).