Posted: Mon Jun 25, 2012 8:26 pm Post subject: [ GLSA 201206-29 ] mount-cifs: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: mount-cifs: Multiple vulnerabilities (GLSA 201206-29)
Date: June 25, 2012
Multiple vulnerabilities were found in mount-cifs, the worst of
which leads to privilege escalation.
mount-cifs is the cifs filesystem mount helper split from Samba.
Vulnerable: < 3.4.6
Unaffected: >= 3.4.6
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in mount-cifs. Please
review the CVE identifiers referenced below for details.
The vulnerabilities allow local users to cause a denial of service (mtab
corruption) via a crafted string. Also, local users could mount a CIFS
share on an arbitrary mountpoint, and gain privileges via a symlink
attack on the mountpoint directory file.
There is no known workaround at this time.
All mount-cifs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/mount-cifs-3.4.6"
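
The affected range above (< 3.4.6) can be checked against the Portage installed-package database before and after the upgrade. The script below is an added example, not part of the advisory; it assumes the default database path /var/db/pkg and purely numeric version components, and the helper names ver_lt and vulnerable_mount_cifs are hypothetical.

```shell
#!/bin/sh
# Added example: list installed net-fs/mount-cifs versions that fall in the
# vulnerable range of GLSA 201206-29 (anything below 3.4.6).

FIXED="3.4.6"

# Return 0 if version $1 is lower than version $2.
# Assumptions: components are numeric; a -rN revision does not change the
# upstream version; _alpha/_beta/_pre/_rc builds sort before the release.
ver_lt() {
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}
    a_pre=0; b_pre=0
    case $a in *_alpha*|*_beta*|*_pre*|*_rc*) a_pre=1 ;; esac
    case $b in *_alpha*|*_beta*|*_pre*|*_rc*) b_pre=1 ;; esac
    a=${a%%_*}; b=${b%%_*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    # Same numeric version: lower only if $1 is a pre-release and $2 is not.
    [ "$a_pre" -eq 1 ] && [ "$b_pre" -eq 0 ]
}

# Print every installed mount-cifs version below $FIXED found under the
# package database given as $1 (default: /var/db/pkg).
vulnerable_mount_cifs() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/net-fs/mount-cifs-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/mount-cifs-}
        if ver_lt "$v" "$FIXED"; then
            echo "$v"
        fi
    done
}

# Run stand-alone: no output means no vulnerable version is installed.
vulnerable_mount_cifs "$@"
```
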