CVE-2011-1678
The MITRE CVE dictionary describes this issue as:
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Find out more about CVE-2011-1678 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
On Red Hat Enterprise Linux, by default, mount.cifs is not provided with the setuid bit enabled. If a user has turned on the setuid bit (via chmod +s /sbin/mount.cifs), they would be affected by this issue, and can work around the problem by removing the setuid bit.
Red Hat Enterprise Linux 3 does not provide the mount.cifs program.
CVSS v2 metrics
| Base Score | 3.3 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:N/I:P/A:P |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (samba3x) | RHSA-2011:1220 | 2011-08-29 |
| Red Hat Enterprise Linux 6 | RHSA-2011:1221 | 2011-08-29 |
| Red Hat Enterprise Linux 4 (samba) | RHSA-2011:1219 | 2011-08-29 |
| Red Hat Enterprise Linux 5 (samba) | RHSA-2011:1219 | 2011-08-29 |
Acknowledgements
Red Hat would like to thank Dan Rosenberg for reporting this issue.CVE description copyright © 2017, The MITRE Corporation