VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
JVNDB-2010-001741     ( CVE-2010-0787 | CVE-2010-0787 )
Samba の smbfs における権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001741.html

Original

Samba の smbfs の mount.cifs 内にある client/mount.cifs.c には、マウントポイントのディレクトリファイルの処理に関して不備があるため、任意のマウントポイントで CIFS の共有をマウントされる、および権限を取得される脆弱性が存在します。

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
JVN iPedia
First Published:
2010-07-29
Source Information Category:
Advisory, Alert
Last Updated:
2010-07-29




Affected Product Tags
cpe:/a:samba:samba
cpe:/o:turbolinux:turbolinux_appliance_server:2.0
cpe:/o:turbolinux:turbolinux_appliance_server:3.0
cpe:/o:turbolinux:turbolinux_appliance_server:3.0::x64
cpe:/o:turbolinux:turbolinux_client:2008
cpe:/o:turbolinux:turbolinux_fuji
cpe:/o:turbolinux:turbolinux_server:10
cpe:/o:turbolinux:turbolinux_server:10::x64
cpe:/o:turbolinux:turbolinux_server:11
cpe:/o:turbolinux:turbolinux_server:11::x64
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2010-0787




National Vulnerability Database (NVD) CVE-2010-0787








References
ISS X-Force Database 55944




Samba samba-3.5.2




Samba samba-3.4.8




Secunia Advisory SA38286




SecurityFocus 37992




共通脆弱性タイプ一覧 (CWE) リンク解釈の問題 (CWE-59)




製品セキュリティ情報 TLSA-2010-23




Copyright © 2010 JPCERT/CC All Rights Reserved.