Bug 532940 (CVE-2010-0788)
Summary: | CVE-2010-0788 ncpfs: Race condition by mount (ncpmount) / umount (ncpumount) operations | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | gdeschner, jbacik, jlayton, kreilly, lemenkov, mjc, security-response-team, ssorce, vcrhonek, vdanen | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | CVE-2010-0787 CVE-2010-0789 (view as bug list) | Environment: | |||||
Last Closed: | 2010-03-26 16:02:33 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 558826 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Jan Lieskovsky
2009-11-04 12:45:35 UTC
Vulnerable package versions: a, samba-client (mount.cifs) This issue affects the versions of the samba-client package, as shipped with Red Hat Enterprise Linux 4 and 5. Though the "mount.cifs" binary on these systems is NOT shipped with setuid root bit enabled by default (unprivileged user is NOT able to mount custom CIFS shares), which mitigates the impact of the vulnerability. This issue affects the versions of the samba-client package, as shipped with Fedora 11 and 12. "mount.cifs" binary is NOT shipped with setuid root bit enabled on these systems. b, fuse (fusermount -u) This issue affects the version of the "fuse" package, as shipped with Red Hat Enterprise Linux 5. "fusermount" binary IS shipped with setuid root bit enabled on Red Hat Enteprise Linux 5, but unprivileged user, to be able to mount custom FUSE filesystem shares, need first to be member of special "fuse" group (privilege provided by the privileged user), which mitigates the impact of this vulnerability. This issue affects the versions of the "fuse" package, as shipped with Fedora release of 11 and 12. c, ncpfs (ncpmount, ncpumount) These issues affect the versions of the ncpfs package, as shipped with Fedora release of 11 and 12. The "ncpmount / ncpumount" binaries are NOT shipped with setuid root bit enabled by default (unprivileged user is NOT able to mount / umount custom remote NCP protocol shares), which mitigates the impact of the vulnerability. ncpfs-2.2.6-13.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/ncpfs-2.2.6-13.fc12 ncpfs-2.2.6-12.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ncpfs-2.2.6-12.fc11 samba-3.4.5-55.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/samba-3.4.5-55.fc12 samba-3.4.5-0.47.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/samba-3.4.5-0.47.fc11 ncpfs-2.2.6-13.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. ncpfs-2.2.6-12.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. samba-3.4.5-0.47.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. samba-3.4.5-55.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. fuse-2.8.1-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. fuse-2.8.1-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. MITRE has rejected the use of CVE-2009-3297 because it was used for samba, ncpfs, and fuse when it should only have been used for Samba. Instead, new CVEs have been assigned as follows: CVE-2010-0787: samba CVE-2010-0788: ncpfs CVE-2010-0789: fuse For Samba: This issue does not affect Red Hat Enterprise Linux 4 and 5 by default as mount.cifs is not provided with the setuid bit enabled. If a user has turned on the setuid bit (via 'chmod +s /sbin/mount.cifs'), they would be affected by this issue and can workaround the problem by removing the setuid bit. Red Hat Enterprise Linux 3 does not provide the mount.cifs program. For FUSE: This issue does affect Red Hat Enterprise Linux 5 because it does ship fusermount suid root, however the impact of this flaw is minimized due to the fact that only members in group 'fuse' may use it; the executable is owned root:fuse and mode 4750. Red Hat Enterprise Linux 3 and 4 do not provide the fuse package. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This bug has been split out so that each CVE has its own bug. Please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0787 for Samba and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0789 for fuse As updated packages for ncpfs have been pushed for Fedora, this bug is resolved. |