Required CVE Record Information
Description
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
References 9 Total
- http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
- redhat.com: RHSA-2011:1220 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=726691
- secunia.com: 45798 third-party-advisory
- securitytracker.com: 1025984 vdb-entry
- openwall.com: [oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue mailing-list
- mandriva.com: MDVSA-2011:148 vendor-advisory
- http://comments.gmane.org/gmane.linux.kernel.cifs/3827
- redhat.com: RHSA-2011:1221 vendor-advisory