USN-893-1: Samba vulnerability
28 January 2010
Samba vulnerability
Releases
Packages
- samba -
Details
Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.