Mandriva Update For Samba MDVSA-2012:070 (samba) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in samba: A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run (CVE-2012-1586). The updated packages have been patched to correct this issue.

Affected

samba on Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-1586
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandriva Update for gnucash MDKSA-2007:046 (gnucash)
Mandriva Update for amarok MDVSA-2008:172 (amarok)
Mandriva Update for wireshark MDVSA-2012:080 (wireshark)
Mandriva Update for gcc MDVSA-2008:066 (gcc)
Mandrake Security Advisory MDVSA-2009:256 (dbus)

Mandriva Update for samba MDVSA-2012:070 (samba)

Take action and discover your vulnerabilities