CVE-2004-0186

Properties

Published:
14.03.2004
Updated:
13.05.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product:
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel
Linux: Linux kernel

Vulnerability description

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

References:

The Aims Group: http://marc.theaimsgroup.com/?l=bugtraq&m=107636290906296&w=2
ISS X-Force: http://xforce.iss.net/xforce/xfdb/15131
Security Focus: http://www.securityfocus.com/bid/9619
Debian: http://www.debian.org/security/2004/dsa-463