CVE-2011-2724
Published: Sep 6, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| RHSA-2011:1220 | vendor-advisory | x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=726691 | | x_refsource_CONFIRM |
| 45798 | third-party-advisory | x_refsource_SECUNIA |
| 1025984 | vdb-entry | x_refsource_SECTRACK |
| [oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue | mailing-list | x_refsource_MLIST |
| MDVSA-2011:148 | vendor-advisory | x_refsource_MANDRIVA |
| http://comments.gmane.org/gmane.linux.kernel.cifs/3827 | | x_refsource_CONFIRM |
| RHSA-2011:1221 | vendor-advisory | x_refsource_REDHAT |