CVE-2011-1678
published 2011-04-10
CVE-2011-1678: smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without…
Priority: P47 (low) · CVSS 2.0: 3.3 · AV:L/AC:M/Au:N/C:P/I:P/A:N
EPSS: 0.53% (40.8th percentile)
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:5.1-1 (bookworm) | cifs-utils 2:5.1-1 (bookworm) |
| debian | samba | < cifs-utils 2:5.1-1 (bookworm) | cifs-utils 2:5.1-1 (bookworm) |
| samba | cifs-utils | >= 0 < 2:5.1-1 | 2:5.1-1 |
| samba | cifs-utils | >= 0 < 2:5.1-1 | 2:5.1-1 |
| samba | cifs-utils | >= 0 < 2:5.1-1 | 2:5.1-1 |
| samba | cifs-utils | >= 0 < 2:5.1-1 | 2:5.1-1 |
| samba | samba | <= 3.5.8 | — |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
CVSS provenance
nvd · v2.0 · 3.3 LOW · AV:L/AC:M/Au:N/C:P/I:P/A:N
osv · 3.3 LOW
vendor_debian · 3.3 LOW
vendor_redhat · 3.3 LOW
vendor_ubuntu · 3.3 LOW
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2011-10-04·CVSS 3.3
CVE-2011-1678 [LOW] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: An attacker could trick Samba into corrupting the system mtab file.
Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab
file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that Samba incorrectly filtered certain strings
being added to the mtab file. A local attacker could use this issue to
corrupt the mtab file, possibly leading to a denial of service. This issue
only affected Ubuntu 10.04 LTS. (CVE-2011-2724)
Dan Rosenberg discovered that Samba incorrectly handled the mtab lock file.
A local attacker could use this issue to create a stale lock file, possibly
leading to a denial of service. (CVE-2011-3585)
Instructions: In g
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2011-10-04·CVSS 3.3
CVE-2011-1678 [LOW] cifs-utils vulnerabilities
Title: cifs-utils vulnerabilities
Summary: An attacker could trick cifs-utils into corrupting the system mtab file.
Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the
mtab file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain
strings being added to the mtab file. A local attacker could use this issue
to corrupt the mtab file, possibly leading to a denial of service.
(CVE-2011-2724)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
vendor_redhat·2011-03-03·CVSS 3.3
CVE-2011-1678 [LOW] samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Statement: On Red Hat Enterprise Linux, by default, mount.cifs is not provided with the setuid bit enabled. If a user has turned on the setuid bit (via chmod +s /sbin/mount.cifs), they would be affected by this issue, and can work around the problem by removing the setuid bit.
Red Hat Enterprise Linux 3 does not provide the mount.cifs program.
Debian
CVE-2011-1678: cifs-utils - smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the...
vendor_debian·2011·CVSS 3.3
CVE-2011-1678 [LOW] CVE-2011-1678: cifs-utils - smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the...
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Scope: local
bookworm: resolved (fixed in 2:5.1-1)
bullseye: resolved (fixed in 2:5.1-1)
forky: resolved (fixed in 2:5.1-1)
sid: resolved (fixed in 2:5.1-1)
trixie: resolved (fixed in 2:5.1-1)
GHSA
GHSA-v7g7-rpcw-4f58: smbfs in Samba 3
ghsa_unreviewed·2022-05-17·CVSS 3.3
CVE-2011-1678 [LOW] CWE-20 GHSA-v7g7-rpcw-4f58: smbfs in Samba 3
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
OSV
CVE-2011-1678: smbfs in Samba 3
osv·2011-04-10·CVSS 3.3
CVE-2011-1678 [LOW] CVE-2011-1678: smbfs in Samba 3
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE [fedora-all]
bugzilla·2011-04-12·CVSS 3.3
CVE-2011-1678 [LOW] CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=695925
Please note
Bugzilla
CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
bugzilla·2011-04-12·CVSS 3.3
CVE-2011-1678 [LOW] CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1678 to the following vulnerability:
Name: CVE-2011-1678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
Assigned: 20110409
Reference: http://openwall.com/lists/oss-security/2011/03/04/9
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=688980
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to
append to the /etc/mtab file and (2) umount.cifs to append to the
/etc/mtab.tmp file without first checking whether resource limits
would interfere, which allows local users to trigger corruption of the
/etc/mtab file via a process with a small RLIMIT_FSIZE value, a
related issue to CVE-2011-1089.
Disc
Bugzilla
CVE-2011-1089 glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
bugzilla·2011-03-18·CVSS 3.3
CVE-2011-1089 [LOW] CVE-2011-1089 glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
Dan Rosenberg reported a flaw with how suid mount helpers handle access to /etc/mtab [1], which could allow an unprivileged user to corrupt /etc/mtab and possibly manipulate mountpoint options or unmount a filesystem.
The original report follows.
This was originally sent to the now-defunct vendor-sec mailing list.
Seeing how it's a relatively low-severity issue and that we're
currently lacking a mechanism for coordination among package
maintainers and vendors, this list seems like a perfectly acceptable
venue for discussing how to fix it.
I discovered that essentially every suid mount helper that uses
addmntent() (or invokes util-linux mount, which in turn calls
addmntent()) to add entries to /etc/mtab fails to antici
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
https://bugzilla.redhat.com/show_bug.cgi?id=688980
https://exchange.xforce.ibmcloud.com/vulnerabilities/66702
2011-04-10
Published