[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2011-2724 assignment notification -- samba -- incomplete fix
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2011-07-29 15:09:13
Message-ID: 4E32CD19.6010608 () redhat ! com
[Download RAW message or body]
Hello Josh, Steve, vendors,
during creation of automated test case for samba CVE-2010-0547 issue
I have noticed still to be possible mount.cifs to succeed to mount Samba
share to specially-crafted mount point (containing newline character),
potentially resulting into mtab corruption (on systems, where glibc
package was not patched against CVE-2010-0296 flaw yet).
The new CVE identifier of CVE-2011-2724 has been assigned to this issue
(as an incomplete fix for CVE-2010-0547 issue).
Kudos to Tomas Hoger and Jeffrey Layton for their analysis of the issue:
check_mtab() calls check_newline() to check device and directory name.
check_newline() returns EX_USAGE (1) when error is detected, while
check_mtab() expects -1 to indicate an error.
and to Jeffrey Layton again for providing the patch almost immediately:
[1] http://comments.gmane.org/gmane.linux.kernel.cifs/3827
References:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2724
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic