MDVSA-2011:148 -- Mandriva sambaID: oval:org.secpod.oval:def:301060 | Date: (C)2012-01-07 (M)2023-11-13 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in samba/cifs-utils: smbfs in Samba 3.5.8 and earlier attempts to use mount.cifs to append to the /etc/mtab file and umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 . The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547 . Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes. Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |