mount-cifs: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201206-29 / mount-cifs
June 25, 2012
February 02, 2014: 2
All supported architectures
Multiple vulnerabilities were found in mount-cifs, the worst of
which leads to privilege escalation.
mount-cifs is the CIFS filesystem mount helper split from Samba.
Multiple vulnerabilities have been discovered in mount-cifs. Please
review the CVE identifiers referenced below for details.
The vulnerabilities allow local users to cause a denial of service (mtab
corruption) via a crafted string. Also, local users could mount a CIFS
share on an arbitrary mountpoint, and gain privileges via a symlink
attack on the mountpoint directory file.
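As an added example (not part of the advisory or of mount-cifs), the Python check below flags entries in an mtab-format file that do not parse as six well-formed fields, which is how the mtab corruption described above becomes visible to an administrator. The function names and the sample content are constructed for illustration.

```python
import re

# mtab/fstab fields encode space, tab, newline and backslash as octal escapes.
_ESCAPE = re.compile(r"\\([0-7]{3})")

def unescape(field):
    """Decode \\040-style octal escapes used in mtab fields."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)

def check_mtab(text):
    """Return (line_number, reason, raw_line) for every malformed entry."""
    findings = []
    for num, raw in enumerate(text.split("\n"), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are not entries
        fields = raw.split()
        if len(fields) != 6:
            findings.append((num, "expected 6 fields, found %d" % len(fields), raw))
            continue
        _device, mountpoint, _fstype, _options, dump, passno = fields
        if not (dump.isdigit() and passno.isdigit()):
            findings.append((num, "dump/pass fields are not numeric", raw))
        elif not unescape(mountpoint).startswith("/"):
            findings.append((num, "mount point is not an absolute path", raw))
    return findings

# Constructed sample (not taken from a real system): lines 3, 5 and 6 are
# malformed; line 4 is valid and uses an escaped space in the mount point.
SAMPLE = "\n".join([
    "/dev/sda1 / ext4 rw,noatime 0 0",
    "proc /proc proc rw 0 0",
    "//fileserver/share /home/user/mnt cifs rw,ma",
    r"//fileserver/docs /mnt/my\040docs cifs rw 0 0",
    "tmpfs run tmpfs rw 0 0",
    "/dev/sdb1 /data ext4 rw zero 0",
])

if __name__ == "__main__":
    for num, reason, raw in check_mtab(SAMPLE):
        print("line %d: %s: %r" % (num, reason, raw))
```

To check a live system, pass the contents of /etc/mtab to check_mtab() instead of SAMPLE.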
There is no known workaround at this time.
Gentoo has discontinued support for mount-cifs. We recommend that users
Code Listing 3.1: Resolution
# emerge --unmerge "net-fs/mount-cifs"