308067 – (CVE-2010-0547) net-fs/mount-cifs: Multiple vulnerabilities (CVE-2010-{0547,0787})

Bug 308067 (CVE-2010-0547) - net-fs/mount-cifs: Multiple vulnerabilities (CVE-2010-{0547,0787})

Summary: net-fs/mount-cifs: Multiple vulnerabilities (CVE-2010-{0547,0787})

Status:	RESOLVED FIXED

Alias:	CVE-2010-0547

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	http://git.samba.org/?p=samba.git;a=c...
Whiteboard:	B4 [glsa]
Keywords:

Depends on:	420895 427702
Blocks:
	Show dependency tree

Reported:	2010-03-06 15:54 UTC by Stefan Behte (RETIRED)
Modified:	2014-02-02 18:38 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:54:13 UTC

CVE-2010-0547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0547):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
  does not verify that the (1) device name and (2) mountpoint strings
  are composed of valid characters, which allows local users to cause a
  denial of service (mtab corruption) via a crafted string.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-03-06 15:59:37 UTC

CVE-2010-0787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0787):
  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a,
  3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS
  share on an arbitrary mountpoint, and gain privileges, via a symlink
  attack on the mountpoint directory file.

Comment 2 Víctor Ostorga (RETIRED) gentoo-dev

2011-03-10 19:47:49 UTC

Those versions of samba are no longer in portage. Is it needed to keep this open?

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2011-03-12 17:06:44 UTC

(In reply to comment #2)
> Those versions of samba are no longer in portage. Is it needed to keep this
> open?

Thanks, Victor. We need to decide if this requires a GLSA.

GLSA Vote: no.

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2011-03-14 21:54:28 UTC

Vote: YES.

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev

2011-10-08 22:35:51 UTC

GLSA vote: YES, request filed.

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev

2011-10-08 22:38:33 UTC

For the record: 3.4.6 was the first fixed version and stable.

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2012-06-25 19:10:36 UTC

This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Stefan Behte (craig).

Comment 8 Kevin Bryan 2012-06-27 12:24:31 UTC

(In reply to comment #7)
> This issue was resolved and addressed in
>  GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
> by GLSA coordinator Stefan Behte (craig).

This GLSA lists ">=net-fs/mount-cifs-3.4.6", but the only available versions are: 3.0.25c 3.0.28 3.0.30

With mount-cifs as it's own package, how are the version numbers being tracked against samba?

Comment 9 Tiziano Müller (RETIRED) gentoo-dev

2012-07-24 08:24:39 UTC

reopening. Just p.masked mount-cifs since it's dead upstream and the upgrade-path is to use cifs-utils instead (which contains mount.cifs). So there is no 3.4.6 of mount-cifs.

Comment 10 Tim Sammut (RETIRED) gentoo-dev

2012-08-16 05:47:34 UTC

Indeed. I think GLSA 201206-29 is incorrect. 

@security, updated draft is available. Please review.

Comment 11 Pacho Ramos gentoo-dev

2012-09-16 12:29:32 UTC

dropped

Comment 12 Víctor Ostorga (RETIRED) gentoo-dev

2014-02-01 22:07:51 UTC

@Security team:

Is it still needed to keep this open?
Affected versions are long gone, last activity on this bug was more than 1 year ago

Comment 13 Sergey Popov (RETIRED) gentoo-dev

2014-02-02 18:38:20 UTC

Thanks for bringing attention to this and sorry for such enormous delay

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2014-02-02 18:38:26 UTC

This issue was resolved and addressed in
 GLSA 201206-29 at http://security.gentoo.org/glsa/glsa-201206-29.xml
by GLSA coordinator Sergey Popov (pinkbyte).