Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation ...
Dan Rosenberg discovered that FUSE did not correctly check mount
locations. A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service ...
Debian Bug report logs -
#567633
race condition in fusermount
Package:
fuse-utils;
Maintainer for fuse-utils is (unknown);
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 30 Jan 2010 11:12:04 UTC
Severity: grave
Tags: security
Fixed in versions fuse/281-12, fuse/274-11+lenny1, fuse/253-44+etch1
Done: ...
Debian Bug report logs -
#567554
Privilege escalation in mount.cifs
Package:
smbfs;
Maintainer for smbfs is (unknown);
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 29 Jan 2010 18:21:01 UTC
Severity: grave
Tags: security
Found in version samba/2:340-3
Fixed in version samba/2:345~dfsg-2
Done: Christian ...
Debian Bug report logs -
#568942
samba: mtab corruption via malicious crafted string
Package:
samba;
Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba
Reported by: Pedro R <pedrib@gmail.com>
Date: Mon, 8 Feb 2010 22:57:05 U ...
Debian Bug report logs -
#602333
/usr/bin/fusermount: fusermount allows unmount any filesystem
Package:
fuse-utils;
Maintainer for fuse-utils is (unknown);
Reported by: Paul Szabo <paulszabo@sydneyeduau>
Date: Wed, 3 Nov 2010 20:27:01 UTC
Severity: grave
Tags: security, squeeze-ignore
Found in versions fuse/284-11, ...
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.
A local attacker, with access to use FUSE, could unmount arbitrary
locations, leading to a denial of service.
For the oldstable distribution (etch), this problem has been fixed in
version 253-44+etch1.
For the stable distribution (lenny), this problem has been fixed in ...
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2009-3297
Ronald Volgers discovered that a race condition in mount.cifs
allows local users to mount remote filesystems over arbitrary
mount p ...