Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-1678
HistoryApr 09, 2011 - 12:00 a.m.

CVE-2011-1678

2011-04-0900:00:00
ubuntu.com
ubuntu.com
6

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

11.0%

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append
to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp
file without first checking whether resource limits would interfere, which
allows local users to trigger corruption of the /etc/mtab file via a
process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Notes

Author Note
mdeslaur we ship this suid by default, so this is medium hardy needs to get mtab lock file support backported http://git.samba.org/?p=samba.git;a=commit;h=32695912dd3ed7c02da68209328d630c89d395ba
OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchcifs-utils< 2:4.5-2ubuntu0.10.10.1UNKNOWN
ubuntu11.04noarchcifs-utils< 2:4.5-2ubuntu0.11.04.1UNKNOWN
ubuntu8.04noarchsamba< 3.0.28a-1ubuntu4.16UNKNOWN
ubuntu10.04noarchsamba< 2:3.4.7~dfsg-1ubuntu3.8UNKNOWN

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

11.0%

Related for UB:CVE-2011-1678