Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1678

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-1678
Last Modified 25 Oct 2011 10:58:38
Published 09 Apr 2011 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1678

Summary

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Vulnerable Systems

Application

  • Samba 1.9.17

  • Samba 1.9.18

  • Samba 2.0

  • Samba 2.0.0

  • Samba 2.0.1

  • Samba 2.0.10

  • Samba 2.0.2

  • Samba 2.0.3

  • Samba 2.0.4

  • Samba 2.0.5

  • Samba 2.0.5a

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.18.3

  • Samba 2.2.0

  • Samba 2.2.0a

  • Samba 2.2.1

  • Samba 2.2.10

  • Samba 2.2.11

  • Samba 2.2.12

  • Samba 2.2.1a

  • Samba 2.2.2

  • Samba 2.2.3

  • Samba 2.2.3a

  • Samba 2.2.4

  • Samba 2.2.5

  • Samba 2.2.6

  • Samba 2.2.7

  • Samba 2.2.7a

  • Samba 2.2.8

  • Samba 2.2.8a

  • Samba 2.2.9

  • Samba 2.2a

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.27a

  • Samba 3.0.28

  • Samba 3.0.28a

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.5

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.2

  • Samba 3.5.3

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=688980

XF - samba-smbfs-security-bypass(66702)

MANDRIVA - MDVSA-2011:148

MLIST - [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE


Last Updated: 27 May 2016 10:56:24