CVE-2011-1678

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
sambasamba
𝑥
≤ 3.5.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cifs-utils
bookworm
2:7.0-2
fixed
bullseye
2:6.11-3.1+deb11u2
fixed
bullseye (security)
2:6.11-3.1+deb11u1
fixed
sid
2:7.0-2.1
fixed
trixie
2:7.0-2.1
fixed
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cifs-utils
dapper
dne
hardy
dne
karmic
dne
lucid
dne
maverick
Fixed 2:4.5-2ubuntu0.10.10.1
released
natty
Fixed 2:4.5-2ubuntu0.11.04.1
released
samba
dapper
ignored
hardy
Fixed 3.0.28a-1ubuntu4.16
released
karmic
ignored
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.8
released
maverick
not-affected
natty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
cifs-utils
RHEL 6
0:4.8.1-2.el6_1.2
fixed
libsmbclient
RHEL 6
0:3.5.6-86.el6_1.4
fixed
libsmbclient-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-client
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-common
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-doc
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-domainjoin-gui
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-swat
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-clients
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-krb5-locator
RHEL 6
0:3.5.6-86.el6_1.4
fixed
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
https://bugzilla.redhat.com/show_bug.cgi?id=688980
https://exchange.xforce.ibmcloud.com/vulnerabilities/66702
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
https://bugzilla.redhat.com/show_bug.cgi?id=688980
https://exchange.xforce.ibmcloud.com/vulnerabilities/66702