Bug 1160791 - (CVE-2011-2724) VUL-1: CVE-2011-2724: samba: mtab lock file race condition
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Minor
Assigned To: Novell Samba Team
Security Team bot
https://smash.suse.de/issue/72336/
Reported: 2020-01-13 15:43 UTC by Wolfgang Frisch
Modified: 2020-01-13 15:45 UTC
Found By: Security Response Team

Description Wolfgang Frisch 2020-01-13 15:43:15 UTC
CVE-2011-2724

A race condition was found in the way 'mount.cifs' and 'umount.cifs' utilities performed mount / umount of a particular CIFS share to / from specified mount point (/etc/mtab~ lockfile was created before updating the /etc/mtab file and deleted once the operation completed), when these utilities were setuid root enabled. A local attacker could use this flaw to conduct denial of service attacks (failure of subsequent CIFS share umount / mount requests) by sending a termination signal to 'mount.cifs' / 'umount.cifs' processes in the moment of existence of a stale (/etc/mtab~) lockfile.

References:
[1] https://bugzilla.samba.org/show_bug.cgi?id=7179
    (upstream bug report)
[2] http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
    (upstream patch)
[3] http://www.openwall.com/lists/oss-security/2011/09/27/1
    (CVE request)
[4] http://www.openwall.com/lists/oss-security/2011/09/30/5
    (CVE assignment)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=742907
https://bugzilla.redhat.com/show_bug.cgi?id=726691
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2724
https://www.openwall.com/lists/oss-security/2011/09/27/1
https://www.openwall.com/lists/oss-security/2011/09/30/5
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2724.html
https://rhn.redhat.com/errata/RHSA-2011-1221.html
https://rhn.redhat.com/errata/RHSA-2011-1220.html
https://access.redhat.com/security/cve/CVE-2011-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3585
http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
https://bugzilla.samba.org/show_bug.cgi?id=7179
https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
http://secunia.com/advisories/45798
http://www.securitytracker.com/id?1025984
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
Comment 1 Wolfgang Frisch 2020-01-13 15:45:46 UTC
SLE-11-SP3 distributions and later already contain the fix.
SLE-11-SP1 is not vulnerable because 'mount.cifs' / 'umount.cifs' are not setuid root enabled.
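
The description above turns on a termination signal arriving while the lock file exists. The following C code is an added example, not the upstream cifs-utils patch and not code from this report: it shows one mitigation, assumed here, of blocking signals for the whole lifetime of the lock file so that a termination signal stays pending until the lock has been removed. `locked_append`, `probe`, `demo` and the `/tmp/demo_mtab` paths are hypothetical names constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define LOCK  "/tmp/demo_mtab~"   /* constructed demo paths, not /etc/mtab */
#define TABLE "/tmp/demo_mtab"

static volatile sig_atomic_t got_term, lock_at_delivery;
static void on_term(int s) { (void)s; got_term = 1; lock_at_delivery = (access(LOCK, F_OK) == 0); }
static void send_term(void) { raise(SIGTERM); }  /* stands in for a signal sent mid-update */

/* Append entry to table under an exclusive lock file, with all blockable signals
 * held off while the lock exists. probe (hypothetical hook) runs inside the
 * locked window. Returns 0 on success, -1 on failure. */
int locked_append(const char *lock, const char *table, const char *entry, void (*probe)(void))
{
    sigset_t all, old;
    int rc = -1;
    sigfillset(&all);
    if (sigprocmask(SIG_SETMASK, &all, &old) != 0)
        return -1;
    int lfd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* fails if a lock already exists */
    if (lfd >= 0) {
        if (probe) probe();                   /* signal becomes pending, not delivered */
        int tfd = open(table, O_WRONLY | O_CREAT | O_APPEND, 0644);
        if (tfd >= 0) {
            if (write(tfd, entry, strlen(entry)) == (ssize_t)strlen(entry))
                rc = 0;
            close(tfd);
        }
        close(lfd);
        unlink(lock);                         /* removed on every path that created it */
    }
    sigprocmask(SIG_SETMASK, &old, NULL);     /* pending signals are delivered here */
    return rc;
}

/* Returns 1 when the entry was written, SIGTERM was delivered only after the
 * lock was removed, and no lock file is left behind. */
int demo(void)
{
    signal(SIGTERM, on_term);
    unlink(LOCK); unlink(TABLE);
    int rc = locked_append(LOCK, TABLE, "//srv/share /mnt cifs rw 0 0\n", send_term);
    return rc == 0 && got_term && !lock_at_delivery && access(LOCK, F_OK) != 0;
}

int main(void) { printf("clean after signal: %d\n", demo()); return 0; }
```

SIGKILL and SIGSTOP cannot be blocked, so a signal mask narrows the window only for catchable signals; a leftover lock file still makes the next `locked_append` call fail, which is the denial of service the report describes.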