Rapid7 Vulnerability & Exploit Database

RHSA-2011:1221: samba and cifs-utils security and bug fix update




Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.

A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Red Hat Enterprise Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.

This update also fixes the following bug:

Users of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.
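
Both mtab corruption issues (CVE-2011-2724 and CVE-2011-1678) depend on mount.cifs having the setuid bit set, which the note above advises against. The following check is an added example, not part of the advisory or of Red Hat's tooling; the candidate paths are assumptions and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit mount.cifs binaries for the setuid bit.
# Assumption: these are the usual install locations; adjust for your system.
CANDIDATES="/sbin/mount.cifs /usr/sbin/mount.cifs /usr/bin/mount.cifs"

# is_setuid FILE
# Succeeds only if FILE is a regular file (symlinks are followed)
# and has the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# audit_setuid FILE...
# Prints one status line per file that exists and returns the number
# of files found with the setuid bit set (0 means nothing to change).
audit_setuid() {
    found=0
    for f in "$@"; do
        [ -e "$f" ] || continue          # skip paths that are not installed
        if is_setuid "$f"; then
            echo "WARN  setuid bit set: $f (clear it with: chmod u-s $f)"
            found=$((found + 1))
        else
            echo "OK    no setuid bit:  $f"
        fi
    done
    return "$found"
}

# Check the default locations; word splitting of CANDIDATES is intentional.
audit_setuid $CANDIDATES || echo "mount.cifs is setuid on this host; see the advisory note."
```

A non-zero return from `audit_setuid` makes the check usable as a gate in a configuration-compliance job.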


  • redhat-upgrade-cifs-utils
  • redhat-upgrade-cifs-utils-debuginfo
  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-debuginfo
  • redhat-upgrade-samba-doc
  • redhat-upgrade-samba-domainjoin-gui
  • redhat-upgrade-samba-swat
  • redhat-upgrade-samba-winbind
  • redhat-upgrade-samba-winbind-clients
  • redhat-upgrade-samba-winbind-devel
  • redhat-upgrade-samba-winbind-krb5-locator
