Bug 386375 (CVE-2011-1678) - <net-fs/samba-3.5.11: symlink vulnerability (CVE-2011-1678)
Summary: <net-fs/samba-3.5.11: symlink vulnerability (CVE-2011-1678)
Status: RESOLVED FIXED
Alias: CVE-2011-1678
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2011-10-08 15:53 UTC by GLSAMaker/CVETool Bot
Modified: 2012-06-24 13:05 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:53:37 UTC
CVE-2011-1678 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678):
  smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to
  the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file
  without first checking whether resource limits would interfere, which allows
  local users to trigger corruption of the /etc/mtab file via a process with a
  small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
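
One way to guard against the failure mode described above, as an added example that is not part of the bug report and is not Samba's or cifs-utils' code: check the caller's `RLIMIT_FSIZE` before appending, and roll back a partial write if one still happens. The names `append_entry` and `demo`, the temporary file standing in for `/etc/mtab`, and the sample mount line are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper: append a whole line or nothing; returns 0 or -errno. */
int append_entry(const char *path, const char *line)
{
    struct rlimit rl;
    size_t len = strlen(line);
    int err = 0, fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0) return -errno;
    signal(SIGXFSZ, SIG_IGN);   /* process-wide: write() fails with EFBIG */
    errno = 0;
    off_t size = lseek(fd, 0, SEEK_END);        /* size before the append */
    if (size < 0 || getrlimit(RLIMIT_FSIZE, &rl) < 0)
        err = errno;
    else if (rl.rlim_cur != RLIM_INFINITY &&
             (rlim_t)size + len > rl.rlim_cur)
        err = EFBIG;            /* pre-check: limit cannot hold the entry */
    else if (write(fd, line, len) != (ssize_t)len) {
        err = errno ? errno : EFBIG;    /* failed or short write */
        if (ftruncate(fd, size) < 0)    /* roll back the partial line */
            err = errno;
    }
    close(fd);
    return -err;
}

/* Constructed demo: 16-byte temp file standing in for mtab; returns its size. */
long demo(rlim_t limit, const char *line)
{
    char path[] = "/tmp/mtab-demo-XXXXXX";
    struct rlimit old;
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "0123456789abcde\n", 16) != 16) return -1;
    getrlimit(RLIMIT_FSIZE, &old);
    struct rlimit rl = { .rlim_cur = limit, .rlim_max = old.rlim_max };
    setrlimit(RLIMIT_FSIZE, &rl);       /* lower only the soft limit */
    append_entry(path, line);
    setrlimit(RLIMIT_FSIZE, &old);      /* restore the caller's limit */
    long size = (long)lseek(fd, 0, SEEK_END);
    close(fd);
    unlink(path);
    return size;
}
```

With a 24-byte soft limit the 29-byte entry is refused and the file stays at 16 bytes; with a 4096-byte limit the entry is written whole.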
Comment 1 Víctor Ostorga (RETIRED) gentoo-dev 2011-10-16 14:38:13 UTC
@security: This affects <=net-fs/samba-3.5.8 . Currently we have 3.5.11 and above.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-16 14:40:45 UTC
(In reply to comment #1)
> @security: This affects <=net-fs/samba-3.5.8 . Currently we have 3.5.11 and
> above.

Thanks, Victor. GLSA vote: yes (with the other Samba bugs)
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-11-04 23:46:17 UTC
Vote: yes.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 13:05:36 UTC
This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).