GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jun 25, 2012 8:26 pm Post subject: [ GLSA 201206-29 ] mount-cifs: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: mount-cifs: Multiple vulnerabilities (GLSA 201206-29)
Severity: normal
Exploitable: remote
Date: June 25, 2012
Updated: February 02, 2014
Bug(s): #308067
ID: 201206-29
Synopsis
Multiple vulnerabilities were found in mount-cifs, the worst of
which leads to privilege escalation.
Background
mount-cifs is the cifs filesystem mount helper split from Samba.
Affected Packages
Package: net-fs/mount-cifs
Vulnerable: <= 3.0.30
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in mount-cifs. Please
review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow local users to cause a denial of service (mtab
corruption) via a crafted string. Also, local users could mount a CIFS
share on an arbitrary mountpoint, and gain privileges via a symlink
attack on the mountpoint directory file.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for mount-cifs. We recommend that users
unmerge mount-cifs:
Code:
# emerge --unmerge "net-fs/mount-cifs"
References
CVE-2010-0547
CVE-2010-0787
Last edited by GLSA on Thu Feb 06, 2014 4:31 am; edited 1 time in total