Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 Jul 2011 17:09:13 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC:, Jeffrey Layton <>
Subject: CVE-2011-2724 assignment notification -- samba -- incomplete fix
 for CVE-2010-0547 issue

Hello Josh, Steve, vendors,

   during creation of automated test case for samba CVE-2010-0547 issue 
I have noticed still to be possible mount.cifs to succeed to mount Samba 
share to specially-crafted mount point (containing newline character), 
potentially resulting into mtab corruption (on systems, where glibc 
package was not patched against CVE-2010-0296 flaw yet).

The new CVE identifier of CVE-2011-2724 has been assigned to this issue
(as an incomplete fix for CVE-2010-0547 issue).

Kudos to Tomas Hoger and Jeffrey Layton for their analysis of the issue:

check_mtab() calls check_newline() to check device and directory name.
check_newline() returns EX_USAGE (1) when error is detected, while 
check_mtab() expects -1 to indicate an error.

and to Jeffrey Layton again for providing the patch almost immediately:


Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ