Executive Summary
Summary | |
---|---|
Title | New samba packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-2004 | First vendor Publication | 2010-02-28 |
Vendor | Debian | Last vendor Modification | 2010-02-28 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. For the stable distribution (lenny), these problems have been fixed in version 2:3.2.5-4lenny9. For the unstable distribution (sid), these problems have been fixed in version 2:3.4.5~dfsg-2. We recommend that you upgrade your samba packages. |
Original Source
Url : http://www.debian.org/security/2010/dsa-2004 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13168 | |||
Oval ID: | oval:org.mitre.oval:def:13168 | ||
Title: | DSA-2004-1 samba -- several | ||
Description: | Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny9. For the unstable distribution, these problems have been fixed in version 2:3.4.5~dfsg-2. We recommend that you upgrade your samba packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2004-1 CVE-2009-3297 CVE-2010-0547 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18426 | |||
Oval ID: | oval:org.mitre.oval:def:18426 | ||
Title: | DSA-1989-1 fuse - denial of service | ||
Description: | Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1989-1 CVE-2009-3297 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | fuse |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20631 | |||
Oval ID: | oval:org.mitre.oval:def:20631 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0547 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-29 (mount-cifs) File : nvt/glsa_201206_29.nasl |
2012-07-30 | Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64 File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for samba CESA-2011:1219 centos4 x86_64 File : nvt/gb_CESA-2011_1219_samba_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for samba3x CESA-2011:1220 centos5 x86_64 File : nvt/gb_CESA-2011_1220_samba3x_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for samba and cifs-utils RHSA-2011:1221-01 File : nvt/gb_RHSA-2011_1221-01_samba_and_cifs-utils.nasl |
2012-03-19 | Name : Fedora Update for cifs-utils FEDORA-2011-10028 File : nvt/gb_fedora_2011_10028_cifs-utils_fc16.nasl |
2012-03-15 | Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser... File : nvt/gb_VMSA-2012-0001.nasl |
2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
2011-09-23 | Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 i386 File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_i386.nasl |
2011-09-23 | Name : CentOS Update for samba3x CESA-2011:1220 centos5 i386 File : nvt/gb_CESA-2011_1220_samba3x_centos5_i386.nasl |
2011-09-07 | Name : RedHat Update for samba3x RHSA-2011:1220-01 File : nvt/gb_RHSA-2011_1220-01_samba3x.nasl |
2011-09-07 | Name : RedHat Update for samba RHSA-2011:1219-01 File : nvt/gb_RHSA-2011_1219-01_samba.nasl |
2011-09-07 | Name : CentOS Update for samba CESA-2011:1219 centos4 i386 File : nvt/gb_CESA-2011_1219_samba_centos4_i386.nasl |
2011-08-12 | Name : Fedora Update for cifs-utils FEDORA-2011-9847 File : nvt/gb_fedora_2011_9847_cifs-utils_fc14.nasl |
2011-08-12 | Name : Fedora Update for cifs-utils FEDORA-2011-9831 File : nvt/gb_fedora_2011_9831_cifs-utils_fc15.nasl |
2011-03-07 | Name : Ubuntu Update for fuse vulnerabilities USN-1077-1 File : nvt/gb_ubuntu_USN_1077_1.nasl |
2010-09-22 | Name : Fedora Update for samba FEDORA-2010-14678 File : nvt/gb_fedora_2010_14678_samba_fc12.nasl |
2010-05-17 | Name : Mandriva Update for samba MDVSA-2010:090-1 (samba) File : nvt/gb_mandriva_MDVSA_2010_090_1.nasl |
2010-05-07 | Name : Mandriva Update for samba MDVSA-2010:090 (samba) File : nvt/gb_mandriva_MDVSA_2010_090.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2004-1 (samba) File : nvt/deb_2004_1.nasl |
2010-03-12 | Name : Fedora Update for samba FEDORA-2010-3999 File : nvt/gb_fedora_2010_3999_samba_fc12.nasl |
2010-03-12 | Name : Mandriva Update for openssh MDVA-2010:090 (openssh) File : nvt/gb_mandriva_MDVA_2010_090.nasl |
2010-03-12 | Name : Fedora Update for samba FEDORA-2010-4050 File : nvt/gb_fedora_2010_4050_samba_fc11.nasl |
2010-03-02 | Name : Fedora Update for ncpfs FEDORA-2010-1168 File : nvt/gb_fedora_2010_1168_ncpfs_fc11.nasl |
2010-03-02 | Name : Fedora Update for samba FEDORA-2010-1190 File : nvt/gb_fedora_2010_1190_samba_fc11.nasl |
2010-03-02 | Name : Mandriva Update for ncpfs MDVSA-2010:046 (ncpfs) File : nvt/gb_mandriva_MDVSA_2010_046.nasl |
2010-03-02 | Name : Mandriva Update for fuse MDVSA-2010:047 (fuse) File : nvt/gb_mandriva_MDVSA_2010_047.nasl |
2010-03-02 | Name : Fedora Update for samba FEDORA-2010-1218 File : nvt/gb_fedora_2010_1218_samba_fc12.nasl |
2010-03-02 | Name : Fedora Update for fuse FEDORA-2010-1159 File : nvt/gb_fedora_2010_1159_fuse_fc12.nasl |
2010-03-02 | Name : Fedora Update for ncpfs FEDORA-2010-1145 File : nvt/gb_fedora_2010_1145_ncpfs_fc12.nasl |
2010-03-02 | Name : Fedora Update for fuse FEDORA-2010-1140 File : nvt/gb_fedora_2010_1140_fuse_fc11.nasl |
2010-02-22 | Name : Samba 'client/mount.cifs.c' Remote Denial of Service Vulnerability File : nvt/samba_38326.nasl |
2010-01-29 | Name : Ubuntu Update for fuse vulnerability USN-892-1 File : nvt/gb_ubuntu_USN_892_1.nasl |
2010-01-29 | Name : Ubuntu Update for samba vulnerability USN-893-1 File : nvt/gb_ubuntu_USN_893_1.nasl |
2010-01-29 | Name : Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability File : nvt/samba_37992.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62155 | Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Loc... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-02-02 | IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0031252 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1221.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba_and_cifs_utils_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-29.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-148.nasl - Type : ACT_GATHER_INFO |
2011-09-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1221.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2011-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10028.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9847.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9831.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fuse-6840.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fuse-6838.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-6921.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14678.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1218.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1190.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1159.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1140.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-090.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-6920.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12595.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cifs-mount-100315.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2004.nasl - Type : ACT_GATHER_INFO |
2010-02-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_fuse-100203.nasl - Type : ACT_GATHER_INFO |
2010-02-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_fuse-100203.nasl - Type : ACT_GATHER_INFO |
2010-02-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_fuse-100203.nasl - Type : ACT_GATHER_INFO |
2010-02-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_fuse-100126.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:16 |
|