MDVSA-2010:090-1 -- Mandriva sambaID: oval:org.secpod.oval:def:300306 | Date: (C)2012-01-07 (M)2023-11-13 |
Class: PATCH | Family: unix |
Multiple vulnerabilies has been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string . client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file . The updated packages have been patched to correct these issues. Update: It was discovered that the previous Samba update required libtalloc from Samba4 package. Therefore, this update provides the required packages in order to fix the issue.
Platform: |
Mandriva Linux 2010.0 |