Executive Summary
Summary | |
---|---|
Title | mount-cifs: Multiple vulnerabilites |
Informations | |||
---|---|---|---|
Name | GLSA-201206-29 | First vendor Publication | 2012-06-25 |
Vendor | Gentoo | Last vendor Modification | 2012-06-25 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in mount-cifs, the worst of which leading to privilege escalation. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201206-29.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201206-29.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13168 | |||
Oval ID: | oval:org.mitre.oval:def:13168 | ||
Title: | DSA-2004-1 samba -- several | ||
Description: | Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny9. For the unstable distribution, these problems have been fixed in version 2:3.4.5~dfsg-2. We recommend that you upgrade your samba packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2004-1 CVE-2009-3297 CVE-2010-0547 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20631 | |||
Oval ID: | oval:org.mitre.oval:def:20631 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0547 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20717 | |||
Oval ID: | oval:org.mitre.oval:def:20717 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0787 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-29 (mount-cifs) File : nvt/glsa_201206_29.nasl |
2012-07-30 | Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64 File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for samba CESA-2011:1219 centos4 x86_64 File : nvt/gb_CESA-2011_1219_samba_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for samba3x CESA-2011:1220 centos5 x86_64 File : nvt/gb_CESA-2011_1220_samba3x_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for samba and cifs-utils RHSA-2011:1221-01 File : nvt/gb_RHSA-2011_1221-01_samba_and_cifs-utils.nasl |
2012-03-19 | Name : Fedora Update for cifs-utils FEDORA-2011-10028 File : nvt/gb_fedora_2011_10028_cifs-utils_fc16.nasl |
2012-03-15 | Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser... File : nvt/gb_VMSA-2012-0001.nasl |
2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
2011-09-23 | Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 i386 File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_i386.nasl |
2011-09-23 | Name : CentOS Update for samba3x CESA-2011:1220 centos5 i386 File : nvt/gb_CESA-2011_1220_samba3x_centos5_i386.nasl |
2011-09-07 | Name : RedHat Update for samba3x RHSA-2011:1220-01 File : nvt/gb_RHSA-2011_1220-01_samba3x.nasl |
2011-09-07 | Name : RedHat Update for samba RHSA-2011:1219-01 File : nvt/gb_RHSA-2011_1219-01_samba.nasl |
2011-09-07 | Name : CentOS Update for samba CESA-2011:1219 centos4 i386 File : nvt/gb_CESA-2011_1219_samba_centos4_i386.nasl |
2011-08-12 | Name : Fedora Update for cifs-utils FEDORA-2011-9831 File : nvt/gb_fedora_2011_9831_cifs-utils_fc15.nasl |
2011-08-12 | Name : Fedora Update for cifs-utils FEDORA-2011-9847 File : nvt/gb_fedora_2011_9847_cifs-utils_fc14.nasl |
2010-07-02 | Name : SuSE Update for samba SUSE-SA:2010:025 File : nvt/gb_suse_2010_025.nasl |
2010-05-17 | Name : Mandriva Update for samba MDVSA-2010:090-1 (samba) File : nvt/gb_mandriva_MDVSA_2010_090_1.nasl |
2010-05-07 | Name : Mandriva Update for samba MDVSA-2010:090 (samba) File : nvt/gb_mandriva_MDVSA_2010_090.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2004-1 (samba) File : nvt/deb_2004_1.nasl |
2010-03-12 | Name : Mandriva Update for openssh MDVA-2010:090 (openssh) File : nvt/gb_mandriva_MDVA_2010_090.nasl |
2010-02-22 | Name : Samba 'client/mount.cifs.c' Remote Denial of Service Vulnerability File : nvt/samba_38326.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62186 | Samba mount.cifs Symlink Arbitrary File Access |
62155 | Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Loc... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-02-02 | IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0031252 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1221.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba_and_cifs_utils_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110829_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-29.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-148.nasl - Type : ACT_GATHER_INFO |
2011-09-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1221.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1219.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1220.nasl - Type : ACT_GATHER_INFO |
2011-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10028.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9847.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9831.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-100613.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-7072.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-6921.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14678.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3999.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1218.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1190.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4050.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-100613.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cifs-mount-100613.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-090.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-6920.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12595.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cifs-mount-100315.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-100312.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2004.nasl - Type : ACT_GATHER_INFO |
2010-01-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-893-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:26 |
|