
CVE-2009-3297

Published: 02/03/2010 Updated: 07/11/2023

Vulnerability Summary

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Vendor Advisories

Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation ...
Dan Rosenberg discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service ...
Debian Bug report logs - #567633 race condition in fusermount Package: fuse-utils; Maintainer for fuse-utils is (unknown); Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 30 Jan 2010 11:12:04 UTC Severity: grave Tags: security Fixed in versions fuse/281-12, fuse/274-11+lenny1, fuse/253-44+etch1 Done: ...
Debian Bug report logs - #567554 Privilege escalation in mount.cifs Package: smbfs; Maintainer for smbfs is (unknown); Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 29 Jan 2010 18:21:01 UTC Severity: grave Tags: security Found in version samba/2:340-3 Fixed in version samba/2:345~dfsg-2 Done: Christian ...
Debian Bug report logs - #568942 samba: mtab corruption via malicious crafted string Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba (PTS, buildd, popcon) Reported by: Pedro R <pedrib@gmail.com> Date: Mon, 8 Feb 2010 22:57:05 U ...
Debian Bug report logs - #602333 /usr/bin/fusermount: fusermount allows unmount any filesystem Package: fuse-utils; Maintainer for fuse-utils is (unknown); Reported by: Paul Szabo <paulszabo@sydneyeduau> Date: Wed, 3 Nov 2010 20:27:01 UTC Severity: grave Tags: security, squeeze-ignore Found in versions fuse/284-11, ...
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. For the oldstable distribution (etch), this problem has been fixed in version 253-44+etch1. For the stable distribution (lenny), this problem has been fixed in ...
Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount p ...