CVE-2011-2724
Samba < 3.5.10 - Denial of Service via Improper Input Validation in check_mtab Function
Title source: llmDescription
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1220.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=726691
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45798
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025984
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/07/29/9
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
Patch x_refsource_confirm
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1221.html
Scores
EPSS
0.0117
EPSS Percentile
78.9%
Details
CWE
CWE-20
Status
published
Products (30)
samba/samba
1.9.17 (6 CPE variants)
samba/samba
1.9.18 (10 CPE variants)
samba/samba
2.0
samba/samba
2.0.0
samba/samba
2.0.1
samba/samba
2.0.2
samba/samba
2.0.3
samba/samba
2.0.4
samba/samba
2.0.5 (2 CPE variants)
samba/samba
2.0.5a
... and 20 more
Published
Sep 06, 2011
Tracked Since
Feb 18, 2026