Ubuntu 8.04 LTS / 10.04 LTS : samba vulnerabilities (USN-1226-1)

Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Dan Rosenberg discovered that Samba incorrectly handled changes to the
mtab file. A local attacker could use this issue to corrupt the mtab
file, possibly leading to a denial of service. (CVE-2011-1678)

Jan Lieskovsky discovered that Samba incorrectly filtered certain
strings being added to the mtab file. A local attacker could use this
issue to corrupt the mtab file, possibly leading to a denial of
service. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2724)

Dan Rosenberg discovered that Samba incorrectly handled the mtab lock
file. A local attacker could use this issue to create a stale lock
file, possibly leading to a denial of service. (CVE-2011-3585).

Solution :

Update the affected smbfs package.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 56389 ()

Bugtraq ID:

CVE ID: CVE-2011-1678
CVE-2011-2724
CVE-2011-3585