MDVSA-2010:090-1

Package name

samba

Date

2010-05-04

Advisory ID

MDVSA-2010:090-1

Affected versions

2010.0 x86_64 , 2010.0 i586

Problem description

Multiple vulnerabilies has been found and corrected in samba:

client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
that the (1) device name and (2) mountpoint strings are composed of
valid characters, which allows local users to cause a denial of service
(mtab corruption) via a crafted string (CVE-2010-0547).

client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
via a symlink attack on the mountpoint directory file (CVE-2010-0787).

The updated packages have been patched to correct these issues.

Update:

It was discovered that the previous Samba update required libtalloc
from Samba4 package. Therefore, this update provides the required
packages in order to fix the issue.

Updated packages

2010.0 x86_64

 b1318d1c6ecedeeb4da4972643a19c13  2010.0/x86_64/ldb-utils-0.9.3-0.4.alpha8.1mdv2010.0.x86_64.rpm
 5eb775ff7af941e88623013ca49c559f  2010.0/x86_64/lib64dcerpc0-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 017bd8047240704ca5162f4a0b3dd77f  2010.0/x86_64/lib64dcerpc-devel-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 2ea7bb6f8405f525175e3392f084befc  2010.0/x86_64/lib64ldb0-0.9.3-0.4.alpha8.1mdv2010.0.x86_64.rpm
 ab732bb499ce71c5a52df68fedfe4bb9  2010.0/x86_64/lib64ldb-devel-0.9.3-0.4.alpha8.1mdv2010.0.x86_64.rpm
 fcc211d9ff438446b3bf3031f9c0302e  2010.0/x86_64/lib64ndr0-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 1dcd1ddf1e40a7e9d9ab9c9973d1dc2f  2010.0/x86_64/lib64ndr-devel-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 b84a96186f833edce6fc344294978348  2010.0/x86_64/lib64samba-hostconfig0-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 59585b08d0a4a045d4491bb8c850f57d  2010.0/x86_64/lib64samba-hostconfig-devel-0.0.1-0.4.alpha8.1mdv2010.0.x86_64.rpm
 628818c2b6dbc7a5bdb2e32ce6130f78  2010.0/x86_64/lib64talloc1-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 f58686dd7985f44d590f9c98cbde29bf  2010.0/x86_64/lib64talloc-devel-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 75a100c230b65b5ffe3540338f96b851  2010.0/x86_64/lib64tdb1-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 a02aeb66c298487f7c344a0011c2312a  2010.0/x86_64/lib64tdb-devel-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 e7f39aaa5f422d699d0c73392fe9a796  2010.0/x86_64/lib64tevent0-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 acd94c5883f1f7f433f1f63a52df499c  2010.0/x86_64/lib64tevent-devel-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 6d91debc61ab281e359b3719d8caa444  2010.0/x86_64/mount-cifs4-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 fc06ddb728a6a09e8d53d490cd0716be  2010.0/x86_64/samba4-client-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 4e1a3e4547bce103ab26e25b9fb3780b  2010.0/x86_64/samba4-common-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 90de7437d5746a8b9bb73d498483775f  2010.0/x86_64/samba4-devel-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 5e41d73b7a195194197e2939671694e2  2010.0/x86_64/samba4-pidl-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 758b6b558fe40817a7fbd9dc3ac2f048  2010.0/x86_64/samba4-python-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 e8443f11a48077b369f4439d138c85e0  2010.0/x86_64/samba4-server-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 96053f726342035db307d73d3696c847  2010.0/x86_64/samba4-test-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm
 b9628165fe466ece2a0f335026c2feeb  2010.0/x86_64/tdb-utils-4.0.0-0.4.alpha8.1mdv2010.0.x86_64.rpm 
 b7504617214cb1034a29580b2b697593  2010.0/SRPMS/samba4-4.0.0-0.4.alpha8.1mdv2010.0.src.rpm

2010.0 i586

 8f5f819b50cfaf62c238e6758791b5b5  2010.0/i586/ldb-utils-0.9.3-0.4.alpha8.1mdv2010.0.i586.rpm
 d8c57b97736f3f508e900dd7c12e57cc  2010.0/i586/libdcerpc0-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 7733733a537e8b9042d60f0a8e9ee99e  2010.0/i586/libdcerpc-devel-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 e2c3eb439d594264dcb1bf6b5c7ae86f  2010.0/i586/libldb0-0.9.3-0.4.alpha8.1mdv2010.0.i586.rpm
 3abb81c0ae4ff4bf341758947c8ba894  2010.0/i586/libldb-devel-0.9.3-0.4.alpha8.1mdv2010.0.i586.rpm
 054ef02b0fb4a323227eb2667441e472  2010.0/i586/libndr0-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 19cc9ed139ed38be30107b4f9bc31b1b  2010.0/i586/libndr-devel-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 71fe32545cebfda6eb9f97391e908561  2010.0/i586/libsamba-hostconfig0-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 9e18cb55d07d03a2c3211a3cdafb9214  2010.0/i586/libsamba-hostconfig-devel-0.0.1-0.4.alpha8.1mdv2010.0.i586.rpm
 a43658c727b5f5aa7afbcf19ae3e3231  2010.0/i586/libtalloc1-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 cada4bdc04addcb04fb138527bb2a995  2010.0/i586/libtalloc-devel-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 1babaa5946dc9c4e2fe94a75bf5507a8  2010.0/i586/libtdb1-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 866766e571c43afaf59774dc7a47d3cc  2010.0/i586/libtdb-devel-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 2539a4810e03b0a77a8c5c4faaeb87fe  2010.0/i586/libtevent0-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 3fd0b63a1a6314d813fea5b5298fa4db  2010.0/i586/libtevent-devel-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 7fc867d4ea2d094338b7456eb953a8a4  2010.0/i586/mount-cifs4-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 be9d83f8825cdb4616b76f094c595ecd  2010.0/i586/samba4-client-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 72add693d66463d5494dd058cc4213d4  2010.0/i586/samba4-common-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 7de52ea9aa7059da0d9f3c86e4602992  2010.0/i586/samba4-devel-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 0d1cd1855cf928fb7965e3beecba6784  2010.0/i586/samba4-pidl-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 f6d8e5e2a8eec0b77e6aab6ee83d6578  2010.0/i586/samba4-python-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 3b80378f5de30d4ed1e18073ccdeef16  2010.0/i586/samba4-server-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 ee6a79c118912689cb52547a34649e41  2010.0/i586/samba4-test-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm
 17985a3819fa0dcdbdf22a6c648736ce  2010.0/i586/tdb-utils-4.0.0-0.4.alpha8.1mdv2010.0.i586.rpm 
 b7504617214cb1034a29580b2b697593  2010.0/SRPMS/samba4-4.0.0-0.4.alpha8.1mdv2010.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547