Bug 308067 (CVE-2010-0547) - net-fs/mount-cifs: Multiple vulnerabilities (CVE-2010-{0547,0787})
Status: RESOLVED FIXED
Alias: CVE-2010-0547
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://git.samba.org/?p=samba.git;a=c...
Whiteboard: B4 [glsa]
Keywords:
Depends on: 420895 427702
Blocks:
Reported: 2010-03-06 15:54 UTC by Stefan Behte (RETIRED)
Modified: 2014-02-02 18:38 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:54:13 UTC
CVE-2010-0547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0547):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
  does not verify that the (1) device name and (2) mountpoint strings
  are composed of valid characters, which allows local users to cause a
  denial of service (mtab corruption) via a crafted string.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:59:37 UTC
CVE-2010-0787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0787):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a,
  3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS
  share on an arbitrary mountpoint, and gain privileges, via a symlink
  attack on the mountpoint directory file.
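
An added example, not part of this bug report and not Samba's code: one way to perform the check whose absence the CVE-2010-0547 description above names, applied to the device name and mountpoint before a record is written to mtab. The function names and the rule of rejecting every ASCII control character are assumptions of this example; the report does not say which characters the upstream fix rejects.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1 if s can be written as one mtab field; rejecting every ASCII control
 * character is this example's assumption, since a newline ends a record. */
int mtab_field_ok(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Copy s into out, writing space and backslash in the octal form that
 * getmntent(3) decodes (\040, \134). Returns 0, or -1 on bad input. */
int mtab_escape(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    if (!mtab_field_ok(s))
        return -1;
    for (; *s; s++) {
        int esc = (*s == ' ' || *s == '\\');
        if (n + (esc ? 4u : 1u) >= outlen)
            return -1;              /* keep room for the terminating NUL */
        if (esc)
            n += (size_t)snprintf(out + n, outlen - n, "\\%03o", (unsigned)*s);
        else
            out[n++] = *s;
    }
    out[n] = '\0';
    return 0;
}

/* Build the mtab record for a CIFS mount. Returns 0, or -1 if a field is
 * rejected or out is too small; the caller must not write out on -1. */
int mtab_line(const char *dev, const char *dir, char *out, size_t outlen)
{
    char d[512], m[512];
    if (mtab_escape(dev, d, sizeof d) || mtab_escape(dir, m, sizeof m))
        return -1;
    int w = snprintf(out, outlen, "%s %s cifs rw 0 0\n", d, m);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}
```

Refusing the mount when `mtab_line` returns -1 keeps each mount to exactly one well-formed record, which is the property the CVE description says was missing.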

Comment 2 Víctor Ostorga (RETIRED) gentoo-dev 2011-03-10 19:47:49 UTC
Those versions of samba are no longer in portage. Is it needed to keep this open?
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-03-12 17:06:44 UTC
(In reply to comment #2)
> Those versions of samba are no longer in portage. Is it needed to keep this
> open?

Thanks, Victor. We need to decide if this requires a GLSA.

GLSA Vote: no.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2011-03-14 21:54:28 UTC
Vote: YES.
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 22:35:51 UTC
GLSA vote: YES, request filed.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 22:38:33 UTC
For the record: 3.4.6 was the first fixed version and stable.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:10:36 UTC
This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Stefan Behte (craig).
Comment 8 Kevin Bryan 2012-06-27 12:24:31 UTC
(In reply to comment #7)
> This issue was resolved and addressed in
>  GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
> by GLSA coordinator Stefan Behte (craig).

This GLSA lists ">=net-fs/mount-cifs-3.4.6", but the only available versions are: 3.0.25c 3.0.28 3.0.30

With mount-cifs as its own package, how are the version numbers being tracked against samba?
Comment 9 Tiziano Müller gentoo-dev 2012-07-24 08:24:39 UTC
Reopening. Just p.masked mount-cifs since it's dead upstream and the upgrade path is to use cifs-utils instead (which contains mount.cifs). So there is no 3.4.6 of mount-cifs.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2012-08-16 05:47:34 UTC
Indeed. I think GLSA 201206-29 is incorrect.

@security, updated draft is available. Please review.
Comment 11 Pacho Ramos gentoo-dev 2012-09-16 12:29:32 UTC
dropped
Comment 12 Víctor Ostorga (RETIRED) gentoo-dev 2014-02-01 22:07:51 UTC
@Security team:

Is it still needed to keep this open?
Affected versions are long gone, last activity on this bug was more than 1 year ago.
Comment 13 Sergey Popov gentoo-dev 2014-02-02 18:38:20 UTC
Thanks for bringing attention to this and sorry for such an enormous delay.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-02-02 18:38:26 UTC
This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Sergey Popov (pinkbyte).