| From the Red Hat bugzilla:
Originally the CVE-2010-0547 identifier has been assigned by Common
Vulnerabilities and Exposures to the following security issue:
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
Later a bug was found in the upstream patch for this issue. More specifically:
check_mtab() calls check_newline() to check device and directory name.
check_newline() returns EX_USAGE (1) when error is detected, while check_mtab() expects -1 to indicate an error.
This bug in the original CVE-2010-0547 fix (failing to propagate the error properly) caused the mount.cifs command on a specially crafted mount point (containing a newline character) to still succeed and, potentially, to corrupt the mtab table on systems where the CVE-2010-0296 glibc fix had not yet been applied. |
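A simplified model of the return-value mismatch described above, as an added example that is not Samba's code. Only the names check_newline() and check_mtab() and the EX_USAGE (1) / -1 values come from the report; the function bodies, the _buggy/_fixed suffixes and the sample strings are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define EX_USAGE 1  /* value given in the report above */

/* Simplified validator (assumed body): a newline in a name would split
 * one mtab record across two lines, so it is rejected. */
static int check_newline(const char *name)
{
    return strchr(name, '\n') ? EX_USAGE : 0;
}

/* Caller as described in the report: it only treats -1 as an error,
 * so the EX_USAGE (1) returned by check_newline() is ignored. */
static int check_mtab_buggy(const char *devname, const char *dir)
{
    if (check_newline(devname) == -1 || check_newline(dir) == -1)
        return EX_USAGE;
    return 0;  /* mount proceeds and the name is written to mtab */
}

/* Corrected caller: any non-zero result from the validator is an error. */
static int check_mtab_fixed(const char *devname, const char *dir)
{
    if (check_newline(devname) != 0 || check_newline(dir) != 0)
        return EX_USAGE;
    return 0;
}

int main(void)
{
    const char *dev = "//server/share";  /* constructed sample */
    const char *bad_dir = "/mnt/a\nb";   /* constructed: newline in mountpoint */
    const char *good_dir = "/mnt/a";     /* constructed: ordinary mountpoint */

    printf("buggy, newline dir: %d (0 = accepted)\n",
           check_mtab_buggy(dev, bad_dir));
    printf("fixed, newline dir: %d (non-zero = rejected)\n",
           check_mtab_fixed(dev, bad_dir));
    printf("fixed, normal dir:  %d\n",
           check_mtab_fixed(dev, good_dir));
    return 0;
}
```

When reviewing similar validation helpers, check that every caller compares against the same error convention the helper actually returns (non-zero, negative, or a specific constant).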