Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:070
https://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : May 4, 2012
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in samba:
A file existence disclosure flaw was found in the way mount.cifs tool
of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS
(Common Internet File System) filesystem. A local user, able to
mount a remote CIFS share / target to a local directory could use
this flaw to confirm (non) existence of a file system object (file,
directory or process descriptor) via error messages generated during
the mount.cifs tool run (CVE-2012-1586).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586
https://bugzilla.samba.org/show_bug.cgi?id=8821
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
dd496662bedc161b26294dae8fb3ec6a 2010.1/i586/libnetapi0-3.5.3-3.7mdv2010.2.i586.rpm
fa3eff21e8c15fdd00a0b09d784f8a75 2010.1/i586/libnetapi-devel-3.5.3-3.7mdv2010.2.i586.rpm
46f6c0838f1322501be976b0b108ee01 2010.1/i586/libsmbclient0-3.5.3-3.7mdv2010.2.i586.rpm
09d1da486d9c8dc917c3fcd33e67e9a8 2010.1/i586/libsmbclient0-devel-3.5.3-3.7mdv2010.2.i586.rpm
166127d2117775be61368b8a1d414d92 2010.1/i586/libsmbclient0-static-devel-3.5.3-3.7mdv2010.2.i586.rpm
5c3eb8d716160a3e1b644dacbfeb6a80 2010.1/i586/libsmbsharemodes0-3.5.3-3.7mdv2010.2.i586.rpm
3936bd1a76b6e3488953742e9dc1cdbd 2010.1/i586/libsmbsharemodes-devel-3.5.3-3.7mdv2010.2.i586.rpm
f326643fb6217d37f4392928ab3b9785 2010.1/i586/libwbclient0-3.5.3-3.7mdv2010.2.i586.rpm
798003779c5f818110c282dfa9c82149 2010.1/i586/libwbclient-devel-3.5.3-3.7mdv2010.2.i586.rpm
ff9d703897f4518e0ea553ea4fc27ba7 2010.1/i586/mount-cifs-3.5.3-3.7mdv2010.2.i586.rpm
2815ec4bf56d7761d545cf00afaec268 2010.1/i586/nss_wins-3.5.3-3.7mdv2010.2.i586.rpm
9e44d314f92c8cf23de00f29c2b2cd7b 2010.1/i586/samba-client-3.5.3-3.7mdv2010.2.i586.rpm
ea6957734016133ad7d2e6c174fe4244 2010.1/i586/samba-common-3.5.3-3.7mdv2010.2.i586.rpm
1b3eae9886f6c213cb39cbba7df6c613 2010.1/i586/samba-doc-3.5.3-3.7mdv2010.2.i586.rpm
95804ad6721490f9f0364e52b0553015 2010.1/i586/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.i586.rpm
182e34741505e99493285b7fa645526a 2010.1/i586/samba-server-3.5.3-3.7mdv2010.2.i586.rpm
d490df138c62e60deb73ac2333716d7d 2010.1/i586/samba-swat-3.5.3-3.7mdv2010.2.i586.rpm
6b7edfbbd4dd295d9a59816d99235f49 2010.1/i586/samba-winbind-3.5.3-3.7mdv2010.2.i586.rpm
ec8ac62146e687e9a342c602513256fc 2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
07e34908a3530dc7e0903b700f227813 2010.1/x86_64/lib64netapi0-3.5.3-3.7mdv2010.2.x86_64.rpm
61d892dc72900ea40871c2efd18fa7be 2010.1/x86_64/lib64netapi-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
4cf7dd4f2cf145ea9a53f15f5b4ca2fe 2010.1/x86_64/lib64smbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
80fe598f07d6b0c51f968bb53a493673 2010.1/x86_64/lib64smbclient0-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
75b40bd85d8888af79ee361a781db7eb 2010.1/x86_64/lib64smbclient0-static-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
52ba787499b18ad01c9934a9e389dac1 2010.1/x86_64/lib64smbsharemodes0-3.5.3-3.7mdv2010.2.x86_64.rpm
366dad10af9a0ceed23eb1cb234822f6 2010.1/x86_64/lib64smbsharemodes-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
008fb8eb148ff33c4d2f0a36fa3f3324 2010.1/x86_64/lib64wbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
05dfdc9e5388a90f2f14617ccf467381 2010.1/x86_64/lib64wbclient-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
3944d4668b05654a5ed89285e6f8c251 2010.1/x86_64/mount-cifs-3.5.3-3.7mdv2010.2.x86_64.rpm
ff15dcc2b2d8327613b02a90bd41ca03 2010.1/x86_64/nss_wins-3.5.3-3.7mdv2010.2.x86_64.rpm
457e3a8f97623173cdf47851779da069 2010.1/x86_64/samba-client-3.5.3-3.7mdv2010.2.x86_64.rpm
ba7d42f765f2de80fc9e7fed0e334d5d 2010.1/x86_64/samba-common-3.5.3-3.7mdv2010.2.x86_64.rpm
0d6a4807149323466dadcdc90be15fa6 2010.1/x86_64/samba-doc-3.5.3-3.7mdv2010.2.x86_64.rpm
ffbd0b27ee05885492e7362b5d441e23 2010.1/x86_64/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.x86_64.rpm
4252f909e0e7bfaa45e5937c34064746 2010.1/x86_64/samba-server-3.5.3-3.7mdv2010.2.x86_64.rpm
5d8902b8ae2b99f3190c7261e8be6699 2010.1/x86_64/samba-swat-3.5.3-3.7mdv2010.2.x86_64.rpm
2a3b36b89008ba74be1851bb0fe0490a 2010.1/x86_64/samba-winbind-3.5.3-3.7mdv2010.2.x86_64.rpm
ec8ac62146e687e9a342c602513256fc 2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
b406136551db81ea5c6a6fd52383b1db mes5/i586/libnetapi0-3.3.12-0.10mdvmes5.2.i586.rpm
5d0e71b63b6742d854a64760ffef5a1e mes5/i586/libnetapi-devel-3.3.12-0.10mdvmes5.2.i586.rpm
a1bce4873fbf03a0b3d9acb68b3b9928 mes5/i586/libsmbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
3a4e098ba0d9d10aea27f16b0a88c547 mes5/i586/libsmbclient0-devel-3.3.12-0.10mdvmes5.2.i586.rpm
d82751d5e90726d2ca257ebd0edf37a8 mes5/i586/libsmbclient0-static-devel-3.3.12-0.10mdvmes5.2.i586.rpm
a736f31edc3007a78d6e1666cf506bcf mes5/i586/libsmbsharemodes0-3.3.12-0.10mdvmes5.2.i586.rpm
3c84b6ebb689e7718d769869ba912578 mes5/i586/libsmbsharemodes-devel-3.3.12-0.10mdvmes5.2.i586.rpm
de165b4236a01ee6b0a35eafd809e7ad mes5/i586/libtalloc1-3.3.12-0.10mdvmes5.2.i586.rpm
4f33d360e15006e8aed210e5b6650969 mes5/i586/libtalloc-devel-3.3.12-0.10mdvmes5.2.i586.rpm
d40ee305b6fc2b5ac78f4874de84f786 mes5/i586/libtdb1-3.3.12-0.10mdvmes5.2.i586.rpm
8a7ccd1fa68970696a40f5d889d78d02 mes5/i586/libtdb-devel-3.3.12-0.10mdvmes5.2.i586.rpm
48f738176a741af39161c82bed6050a2 mes5/i586/libwbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
53490ef3ecd379720f720b823a4a0905 mes5/i586/libwbclient-devel-3.3.12-0.10mdvmes5.2.i586.rpm
264cd06bab6ad71a4930f42b53d754a9 mes5/i586/mount-cifs-3.3.12-0.10mdvmes5.2.i586.rpm
b15dd3af33a5a80389614a91ae45ad08 mes5/i586/nss_wins-3.3.12-0.10mdvmes5.2.i586.rpm
a410864fb10ddb0ea576181809d18df0 mes5/i586/samba-client-3.3.12-0.10mdvmes5.2.i586.rpm
80fd8d8167741ee7da3e885214c75775 mes5/i586/samba-common-3.3.12-0.10mdvmes5.2.i586.rpm
3db12da76a3dfc84f0fce71e62bbefcf mes5/i586/samba-doc-3.3.12-0.10mdvmes5.2.i586.rpm
6b778b3bc55cca365c6fad57a9f877da mes5/i586/samba-server-3.3.12-0.10mdvmes5.2.i586.rpm
3c493a7654d33cb2fab5595d3413f5e3 mes5/i586/samba-swat-3.3.12-0.10mdvmes5.2.i586.rpm
ecb7876de48598f822edb57f2d01083a mes5/i586/samba-winbind-3.3.12-0.10mdvmes5.2.i586.rpm
3dad784fd91e4d11f827bcf637e38911 mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
028b8b35fe265857c5660a48d0689f65 mes5/x86_64/lib64netapi0-3.3.12-0.10mdvmes5.2.x86_64.rpm
4e1e6ca82f91a16daba81ebad63c8ba1 mes5/x86_64/lib64netapi-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
b1687db7ef71fd55bd5dd8a806741435 mes5/x86_64/lib64smbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
ada87ce49561ee2b1e53669a728ba9ab mes5/x86_64/lib64smbclient0-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
805b0dcf72047da6670091ef5190d557 mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
e7f423cd6dd382c59d6963fba9d2c3c9 mes5/x86_64/lib64smbsharemodes0-3.3.12-0.10mdvmes5.2.x86_64.rpm
e44daaa79d193ef689d5894b3bf9f528 mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
38d8d2801c3fa0287c7244822073f23d mes5/x86_64/lib64talloc1-3.3.12-0.10mdvmes5.2.x86_64.rpm
eae72bec1b9a6ff943c022513aab2fe5 mes5/x86_64/lib64talloc-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
2edaa04cd18eaae2cf91e94f38d0f6d0 mes5/x86_64/lib64tdb1-3.3.12-0.10mdvmes5.2.x86_64.rpm
4fab6b6ab1ec0e7fc2712c7af587088f mes5/x86_64/lib64tdb-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
cdbbbf0d46c237e518253deecfc06bc0 mes5/x86_64/lib64wbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
908ad56c3b28e6b987da13774b33f379 mes5/x86_64/lib64wbclient-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
659ebc87967d3726da307b153b266cb0 mes5/x86_64/mount-cifs-3.3.12-0.10mdvmes5.2.x86_64.rpm
3c7e95924dd842028077ab6b7a610d62 mes5/x86_64/nss_wins-3.3.12-0.10mdvmes5.2.x86_64.rpm
163c146f282956f761b1a6e5c7070d98 mes5/x86_64/samba-client-3.3.12-0.10mdvmes5.2.x86_64.rpm
c1245d240a135b2d1c6b97d3009ce01d mes5/x86_64/samba-common-3.3.12-0.10mdvmes5.2.x86_64.rpm
e0d54e3ca8d92b1a8d661ac70d152186 mes5/x86_64/samba-doc-3.3.12-0.10mdvmes5.2.x86_64.rpm
f61cdc68213c9baef4bf6d71a46fe8d0 mes5/x86_64/samba-server-3.3.12-0.10mdvmes5.2.x86_64.rpm
94d10dfe6ee83aa026c75c87745107bf mes5/x86_64/samba-swat-3.3.12-0.10mdvmes5.2.x86_64.rpm
cd984b4be2ecfc30144ff2d0a0d0c6d1 mes5/x86_64/samba-winbind-3.3.12-0.10mdvmes5.2.x86_64.rpm
3dad784fd91e4d11f827bcf637e38911 mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPo9/qmqjQ0CJFipgRAmPKAKDRZK/72FfLzVHDziK1FXk0cwAKgACgtUfK
qiVpzJ/OFQeZTT2t7moMp0Q=
=mhCS
-----END PGP SIGNATURE-----