CVE-2011-1678

NameCVE-2011-1678
Descriptionsmbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cifs-utils (PTS)jessie, jessie (lts)2:6.4-1+deb8u1fixed
stretch (security), stretch (lts), stretch2:6.7-1+deb9u1fixed
buster (security), buster, buster (lts)2:6.8-2+deb10u1fixed
bullseye2:6.11-3.1+deb11u2fixed
bullseye (security)2:6.11-3.1+deb11u1fixed
bookworm2:7.0-2fixed
sid, trixie2:7.0-2.1fixed
samba (PTS)jessie, jessie (lts)2:4.2.14+dfsg-0+deb8u16fixed
stretch (security)2:4.5.16+dfsg-1+deb9u4fixed
stretch (lts), stretch2:4.5.16+dfsg-1+deb9u5fixed
buster (security), buster, buster (lts)2:4.9.5+dfsg-5+deb10u5fixed
bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u6fixed
bookworm (security), bookworm2:4.17.12+dfsg-0+deb12u1fixed
trixie2:4.21.2+dfsg-3fixed
sid2:4.21.2+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cifs-utilssourcesqueeze2:4.5-2+squeeze1
cifs-utilssource(unstable)2:5.1-1low
sambasource(unstable)2:3.4.7~dfsg-2low

Notes

cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec

Search for package or bug name: Reporting problems