First published: Fri Jul 29 2011
Originally, the <a href="https://access.redhat.com/security/cve/CVE-2010-0547">CVE-2010-0547</a> identifier was assigned by Common Vulnerabilities and Exposures to the following security issue: client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

Later, a bug was found in the upstream patch for this issue. More specifically, check_mtab() calls check_newline() to check the device and directory names. check_newline() returns EX_USAGE (1) when an error is detected, while check_mtab() expects -1 to indicate an error.

Because the original <a href="https://access.redhat.com/security/cve/CVE-2010-0547">CVE-2010-0547</a> fix did not propagate the error properly, the mount.cifs command still succeeded on a specially crafted mount point (containing a newline character) and could potentially corrupt the mtab table on systems where the <a href="https://access.redhat.com/security/cve/CVE-2010-0296">CVE-2010-0296</a> glibc fix had not yet been applied.

Proposed upstream patch by Jeff Layton: [1] <a href="http://thread.gmane.org/gmane.linux.kernel.cifs/3827">http://thread.gmane.org/gmane.linux.kernel.cifs/3827</a>
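The return-value mismatch described above, as an added example (a simplified model written for this page, not the Samba source or the upstream patch). The function bodies, the `_before`/`_after` suffixes and the sample strings are assumptions; only the names check_mtab() and check_newline() and the values EX_USAGE (1) and -1 come from the description.

```c
#include <stdio.h>
#include <string.h>

#define EX_USAGE 1 /* error value the description says check_newline() returns */

/* Simplified model: an mtab entry is one line, so a newline in a name is rejected. */
static int check_newline(const char *progname, const char *name)
{
    if (strchr(name, '\n') != NULL) {
        fprintf(stderr, "%s: illegal newline in mount entry\n", progname);
        return EX_USAGE;
    }
    return 0;
}

/* "Before" pattern: the caller only recognises -1 as failure, so the
 * EX_USAGE (1) returned by check_newline() is silently discarded. */
static int check_mtab_before(const char *progname, const char *devname,
                             const char *dir)
{
    if (check_newline(progname, devname) == -1 ||
        check_newline(progname, dir) == -1)
        return EX_USAGE;
    return 0;
}

/* Corrected pattern: any nonzero result from the validator is an error. */
static int check_mtab_after(const char *progname, const char *devname,
                            const char *dir)
{
    if (check_newline(progname, devname) != 0 ||
        check_newline(progname, dir) != 0)
        return EX_USAGE;
    return 0;
}

int main(void)
{
    /* Constructed sample input: a mountpoint string containing a newline. */
    const char *dev = "//server/share";
    const char *dir = "/mnt/a\nb";

    printf("before: %d (0 means the mount would proceed)\n",
           check_mtab_before("mount.cifs", dev, dir));
    printf("after:  %d (nonzero means the mount is refused)\n",
           check_mtab_after("mount.cifs", dev, dir));
    return 0;
}
```

When reviewing a fix of this kind, confirm that the caller's error test matches every value the validator can return, rather than a single sentinel.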
Affected Software | Affected Version | How to fix |
---|---|---|
Samba | <=3.4.5 |
The severity of REDHAT-BUG-726691 is classified as high due to the potential for unauthorized access.
To fix REDHAT-BUG-726691, upgrade Samba to version 3.4.6 or later.
The risks associated with REDHAT-BUG-726691 include potential data exposure and unauthorized access to shares.
Samba versions 3.4.5 and earlier are affected by REDHAT-BUG-726691.
The exploitation of REDHAT-BUG-726691 can lead to compromise of sensitive data and unauthorized operations on the server.