Posted: Mon Jun 25, 2012 8:26 pm Post subject: [ GLSA 201206-29 ] mount-cifs: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: mount-cifs: Multiple vulnerabilities (GLSA 201206-29)
Date: June 25, 2012
Updated: February 02, 2014
Multiple vulnerabilities were found in mount-cifs, the worst of
which leads to privilege escalation.
mount-cifs is the cifs filesystem mount helper split from Samba.
Vulnerable: <= 3.0.30
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in mount-cifs. Please
review the CVE identifiers referenced below for details.
The vulnerabilities allow local users to cause a denial of service (mtab
corruption) via a crafted string. Also, local users could mount a CIFS
share on an arbitrary mountpoint, and gain privileges via a symlink
attack on the mountpoint directory file.
There is no known workaround at this time.
Gentoo has discontinued support for mount-cifs. We recommend that users
# emerge --unmerge "net-fs/mount-cifs"
Last edited by GLSA on Thu Feb 06, 2014 4:31 am; edited 1 time in total
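
The mtab corruption mentioned in the impact paragraph can be checked for after the fact. The following is an added example, not part of the advisory or of Gentoo's tooling: it validates a userspace-maintained mtab against the kernel's mount table. It assumes /etc/mtab is a regular file written by mount helpers rather than a symlink to /proc/self/mounts; the function name check_mtab is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report mtab lines that are
# malformed or that the kernel's own mount table does not know about.
# Both paths are parameters so the check can be run on copies of the files.
#
# Usage: check_mtab [MTAB] [KERNEL_TABLE]
#   defaults: /etc/mtab and /proc/mounts
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
check_mtab() {
    mtab=${1:-/etc/mtab}
    kernel=${2:-/proc/mounts}
    awk '
        # First file: the kernel view. Remember every mount point it lists.
        FILENAME == ARGV[1] { mounted[$2] = 1; next }

        # Second file: the mtab maintained by mount helpers.
        # A valid entry has six fields: spec, mount point, type,
        # options, dump frequency, fsck pass number.
        NF != 6 {
            printf "line %d: expected 6 fields, got %d\n", FNR, NF
            bad = 1; next
        }
        $2 !~ /^\// {
            printf "line %d: mount point is not an absolute path\n", FNR
            bad = 1; next
        }
        $5 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ {
            printf "line %d: freq/passno fields are not numeric\n", FNR
            bad = 1; next
        }
        # Well-formed, but the kernel has nothing mounted there:
        # a stale entry or one that did not come from a real mount.
        !($2 in mounted) {
            printf "line %d: %s is in mtab but not in the kernel mount table\n", FNR, $2
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$kernel" "$mtab"
}
```

Only the mount point is compared, because bind mounts are recorded with different filesystem types in the two tables.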