Redhat bug : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2724 This can maybe be fixed in the same package updates as #2949.
Blocks: (none) => 2949
CC: (none) => bgmilne, bgmilne, ennael1, thierry.vignaud
Duplicate of bug 2949; if not, please reopen.
*** This bug has been marked as a duplicate of bug 2949 ***
Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
I think it's not a duplicate: it's a different CVE, with a different patch, and it doesn't look like it was fixed in bug 2949 (at least not mentioned in changelog). The patch for this issue according to redhat bug : http://thread.gmane.org/gmane.linux.kernel.cifs/3827
Status: RESOLVED => REOPENED
Resolution: DUPLICATE => (none)
So ping ?
Ping ?
Has Buchan left us?
CC: (none) => luigiwalser
Turns out there's even more CVEs we haven't fixed. Superseding this one with Bug 3980.
*** This bug has been marked as a duplicate of bug 3980 ***
Status: REOPENED => RESOLVED
Resolution: (none) => DUPLICATE
I am still contributing here, but with limited time, and the 'provide your own system to test builds' is a bit limiting to those with limited bandwidth. Note that bug #3980 does not actually list this CVE, so I am re-opening. In the case of cifs-utils, I would actually prefer to ship a current version, rather than an old version with lots of patches, some of which obsolete older patches, with no site that actually covers which are the correct security patches, but the updates policy (https://wiki.mageia.org/en/Updates_policy) seems a bit strict for this. I have updated cifs-utils in svn (r189827) for *this* CVE. I note that Mandriva has an additional patch (http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/updates/2010.1/cifs-utils/current/SOURCES/mount.cifs-fix-test-for-strtoul-failure-in-mount.cif.patch?revision=704390&view=markup), I have added this too. New package in updates_testing.
Package is available in updates_testing [changelog] [RPM] 1 core/updates_testing cifs-utils-4.8.1-1.2.mga1 https://ml.mageia.org/l/arc/changelog/2012-01/msg00073.html
Status: REOPENED => ASSIGNED
Assignee: bugsquad => qa-bugs
This bug is a bit of a mess and it is not clear what has been updated or what it pertains to. The ml url above isn't directly accessible so I have found it and pasted below. Please refer to https://wiki.mageia.org/en/Updates_policy#Maintainer_.28or_any_interested_packager.29 Thank you. I think this bug is for cifs-utils and bug 3980 is actually for samba and not strictly a duplicate.
------------------------------------------
Name        : cifs-utils                   Relocations: (not relocatable)
Version     : 4.8.1                        Vendor: Mageia.Org
Release     : 1.2.mga1                     Build Date: Tue Jan 3 10:07:19 2012
Install Date: (not installed)              Build Host: ecosse
Group       : Networking/Other             Source RPM: (none)
Size        : 333813                       License: GPLv3
Signature   : (none)
Packager    : buchan <buchan>
URL         : http://www.samba.org/linux-cifs/cifs-utils/
Summary     : Tools for Managing Linux CIFS Client Filesystems
Description : Tools for Managing Linux CIFS Client Filesystems.

buchan <buchan> 4.8.1-1.2.mga1:
+ Revision: 189829
- Add patch fixing error checking of strtoul
- Add patch for CVE-2011-2724
- Add patch for CVE-2011-1678

[changelog] [RPM] 1 core/updates_testing cifs-utils-4.8.1-1.2.mga1, buchan, 01/03/2012
-------------------------------------------
Testing procedure here: https://bugs.mageia.org/show_bug.cgi?id=2949#c7
Testing complete x86_64 using the above procedure. Remember to create the samba user, then the share and (re)start the server on the host.

    # mount -t cifs //192.168.1.60/testshare -o user=MGAGROUP/testuser%testpass /media/test
    # ls /media/test
    10.png 11.png 12.png 13.png 14.png 15.png 16.png 17.png 1.png 2.png
    $ cd /media/test
    $ touch test
    $ rm test
    rm: remove regular empty file `test'? y
The fix for samba is taken care of by bug #3980, commit 189530, let's split these bugs, so this one is strictly for cifs-utils, for which only one of the CVEs dealt with in #3890 applies.
Summary: CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547 => CVE-2011-2724 cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
CC: thierry.vignaud => (none)
Testing complete on i586 using a windows share from a vb guest. Could someone from the sysadmin team push the srpm cifs-utils-4.8.1-1.2.mga1.src.rpm from Core Updates Testing to Core Updates.

Advisory:
This security update for cifs-utils addresses two security issues.

CVE-2011-2724 - The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

CVE-2011-1678 - smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

https://bugs.mageia.org/show_bug.cgi?id=2950
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
update pushed.
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED