oss-sec mailing list archives

CVE-2009-3297 samba/ncpfs/fuse issues granted individual 2010 CVE names?


From: Vincent Danen <vdanen () redhat com>
Date: Tue, 2 Mar 2010 13:52:05 -0700

* [2010-03-02 13:05:28 -0500] nobody () redhat com via RT wrote:

Hi, Steve.  I'm confused about these three CVEs, particularly since
CVE-2009-3297 was assigned to this issue (I suppose it would be more
correct to have 3 CVEs for the issue, but I'm not sure then why
CVE-2009-3297 was completely ignored unless you intend for it to be not
used/duplicated to one of these?).

I'm also confused on using a 2010-based name since our bugzilla entry is
dated 2009-11-04, and Samba upstream has their report dated
2009-10-28, so these should have received 2009-based names.

We've used CVE-2009-3297 all over the place so it's pretty hard to miss.
Looking at the references just for the samba issue (your CVE-2010-0787),
all of the references except the git commits refer to CVE-2009-3297.

Can you clarify why this was done?  CC'ing oss-security in case anyone
else has noticed this as well.

Thanks.

======================================================
Name: CVE-2010-0787
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100302
Category:
Reference: CONFIRM:http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80
Reference: CONFIRM:http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=532940
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=558833
Reference: CONFIRM:https://bugzilla.samba.org/show_bug.cgi?id=6853
Reference: FEDORA:FEDORA-2010-1190
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html
Reference: FEDORA:FEDORA-2010-1218
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html
Reference: UBUNTU:USN-893-1
Reference: URL:http://www.ubuntu.com/usn/USN-893-1
Reference: BID:37992
Reference: URL:http://www.securityfocus.com/bid/37992
Reference: SECUNIA:38286
Reference: URL:http://secunia.com/advisories/38286
Reference: SECUNIA:38308
Reference: URL:http://secunia.com/advisories/38308
Reference: SECUNIA:38357
Reference: URL:http://secunia.com/advisories/38357
Reference: XF:sambaclient-mountcifs-symlink(55944)
Reference: URL:http://xforce.iss.net/xforce/xfdb/55944

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a,
3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS
share on an arbitrary mountpoint, and gain privileges, via a symlink
attack on the mountpoint directory file.



======================================================
Name: CVE-2010-0788
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0788
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100302
Category:
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=532940
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=558833
Reference: FEDORA:FEDORA-2010-1145
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034403.html
Reference: FEDORA:FEDORA-2010-1168
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034422.html
Reference: SECUNIA:38327
Reference: URL:http://secunia.com/advisories/38327
Reference: SECUNIA:38371
Reference: URL:http://secunia.com/advisories/38371

ncpfs 2.2.6 allows local users to cause a denial of service, obtain
sensitive information, or possibly gain privileges via symlink attacks
involving the (1) ncpmount and (2) ncpumount programs.



======================================================
Name: CVE-2010-0789
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0789
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100302
Category:
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633
Reference: CONFIRM:http://sourceforge.net/projects/fuse/files/ReleaseNotes/fuse-2.8.3.html/view
Reference: CONFIRM:http://sourceforge.net/projects/fuse/files/fuse-2.X/2.7.5/fuse-2.7.5.tar.gz/download
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=532940
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=558833
Reference: DEBIAN:DSA-1989
Reference: URL:http://www.debian.org/security/2010/dsa-1989
Reference: FEDORA:FEDORA-2010-1140
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034518.html
Reference: FEDORA:FEDORA-2010-1159
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034580.html
Reference: UBUNTU:USN-892-1
Reference: URL:http://www.ubuntu.com/usn/USN-892-1
Reference: BID:37983
Reference: URL:http://www.securityfocus.com/bid/37983
Reference: SECUNIA:38261
Reference: URL:http://secunia.com/advisories/38261
Reference: SECUNIA:38287
Reference: URL:http://secunia.com/advisories/38287
Reference: SECUNIA:38359
Reference: URL:http://secunia.com/advisories/38359
Reference: SECUNIA:38437
Reference: URL:http://secunia.com/advisories/38437
Reference: XF:fuse-fusermount-dos(55945)
Reference: URL:http://xforce.iss.net/xforce/xfdb/55945

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local
users to unmount an arbitrary FUSE filesystem share via a symlink
attack on a mountpoint.





--
Vincent Danen / Red Hat Security Response Team
