Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 29 Jul 2011 17:09:13 +0200

Hello Josh, Steve, vendors,

during creation of automated test case for samba CVE-2010-0547 issue I have noticed still to be possible mount.cifs to succeed to mount Samba share to specially-crafted mount point (containing newline character), potentially resulting into mtab corruption (on systems, where glibc package was not patched against CVE-2010-0296 flaw yet).

The new CVE identifier of CVE-2011-2724 has been assigned to this issue
(as an incomplete fix for CVE-2010-0547 issue).

Kudos to Tomas Hoger and Jeffrey Layton for their analysis of the issue:

check_mtab() calls check_newline() to check device and directory name.
check_newline() returns EX_USAGE (1) when error is detected, while check_mtab() expects -1 to indicate an error.

and to Jeffrey Layton again for providing the patch almost immediately:
[1] http://comments.gmane.org/gmane.linux.kernel.cifs/3827

References:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2724

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
  • CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue Jan Lieskovsky (Jul 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]