CVE-2011-1678

Publication date 9 April 2011

Last updated 24 July 2024

Ubuntu priority

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cifs-utils	11.04 natty	Fixed 2:4.5-2ubuntu0.11.04.1
	10.10 maverick	Fixed 2:4.5-2ubuntu0.10.10.1
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
samba	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 2:3.4.7~dfsg-1ubuntu3.8
	9.10 karmic	Ignored end of life
	8.04 LTS hardy	Fixed 3.0.28a-1ubuntu4.16
	6.06 LTS dapper	Ignored end of life

Notes

mdeslaur

we ship this suid by default, so this is medium hardy needs to get mtab lock file support backported http://git.samba.org/?p=samba.git;a=commit;h=32695912dd3ed7c02da68209328d630c89d395ba

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cifs-utils	Upstream: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
samba	Upstream: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec

References

Related Ubuntu Security Notices (USN)

USN-1226-1
Samba vulnerabilities
4 October 2011

USN-1226-2
cifs-utils vulnerabilities
4 October 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1678