[Pkg-samba-maint] Bug#568942: samba: mtab corruption via malicious crafted string

Moritz Muehlenhoff jmm at inutil.org
Tue Feb 9 20:34:39 UTC 2010


Pedro R wrote:
> Package: samba
> Version: 2:3.4.5~dfsg-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> Hi,
> 
> a security bug has been discovered in all versions of Samba up to and 
> including 3.4.5. 
> It is possible to cause mtab corruption via a specially crafted string.
> More information at
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
> http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054

Since 567554 is tagged pending, I suppose the setuid root bit on
mount.cifs is going to be dropped. Once done, this issue is moot.

Cheers,
        Moritz




