Solution
Please install the updated packages.
Insight
Multiple vulnerabilities have been found and corrected in samba:
client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string (CVE-2010-0547).
client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file (CVE-2010-0747).
The updated packages have been patched to correct these issues.
Affected
samba on Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2009.1,
Mandriva Linux 2009.1/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Severity
Classification
CVE: CVE-2010-0547, CVE-2010-0747
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Mandriva Update for gnome-screensaver MDVSA-2008:135 (gnome-screensaver)
- Mandriva Update for amarok MDVSA-2008:172 (amarok)
- Mandriva Update for glpi-massocsimport MDVA-2011:021 (glpi-massocsimport)
- Mandriva Update for kdebase4-workspace MDVA-2008:156-1 (kdebase4-workspace)
- Mandriva Update for util-linux MDKSA-2007:053 (util-linux)