CVE-2011-2724

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
sambasamba
𝑥
≤ 3.5.10
sambasamba
1.9.17
sambasamba
1.9.17:p1
sambasamba
1.9.17:p2
sambasamba
1.9.17:p3
sambasamba
1.9.17:p4
sambasamba
1.9.17:p5
sambasamba
1.9.18
sambasamba
1.9.18:p1
sambasamba
1.9.18:p10
sambasamba
1.9.18:p2
sambasamba
1.9.18:p3
sambasamba
1.9.18:p4
sambasamba
1.9.18:p5
sambasamba
1.9.18:p6
sambasamba
1.9.18:p7
sambasamba
1.9.18:p8
sambasamba
2.0
sambasamba
2.0.0
sambasamba
2.0.1
sambasamba
2.0.2
sambasamba
2.0.3
sambasamba
2.0.4
sambasamba
2.0.5
sambasamba
2.0.5:a
sambasamba
2.0.5a:a
sambasamba
2.0.6
sambasamba
2.0.7
sambasamba
2.0.8
sambasamba
2.0.9
sambasamba
2.0.10
sambasamba
2.2:a
sambasamba
2.2.0
sambasamba
2.2.0:a
sambasamba
2.2.0a:a
sambasamba
2.2.1
sambasamba
2.2.1:a
sambasamba
2.2.1a:a
sambasamba
2.2.2
sambasamba
2.2.3
sambasamba
2.2.3:a
sambasamba
2.2.3a:a
sambasamba
2.2.4
sambasamba
2.2.5
sambasamba
2.2.6
sambasamba
2.2.7
sambasamba
2.2.7:a
sambasamba
2.2.7a:a
sambasamba
2.2.8
sambasamba
2.2.8:a
sambasamba
2.2.8a:a
sambasamba
2.2.9
sambasamba
2.2.10
sambasamba
2.2.11
sambasamba
2.2.12
sambasamba
2.2a:a
sambasamba
2.18.3
sambasamba
3.0.0
sambasamba
3.0.1
sambasamba
3.0.2
sambasamba
3.0.2:a
sambasamba
3.0.2a:a
sambasamba
3.0.3
sambasamba
3.0.4
sambasamba
3.0.4:rc1
sambasamba
3.0.5
sambasamba
3.0.6
sambasamba
3.0.7
sambasamba
3.0.8
sambasamba
3.0.9
sambasamba
3.0.10
sambasamba
3.0.11
sambasamba
3.0.12
sambasamba
3.0.13
sambasamba
3.0.14
sambasamba
3.0.14:a
sambasamba
3.0.14a:a
sambasamba
3.0.15
sambasamba
3.0.16
sambasamba
3.0.17
sambasamba
3.0.18
sambasamba
3.0.19
sambasamba
3.0.20
sambasamba
3.0.20:a
sambasamba
3.0.20:b
sambasamba
3.0.20a:a
sambasamba
3.0.20b:b
sambasamba
3.0.21
sambasamba
3.0.21:a
sambasamba
3.0.21:b
sambasamba
3.0.21:c
sambasamba
3.0.21a:a
sambasamba
3.0.21b:b
sambasamba
3.0.21c:c
sambasamba
3.0.22
sambasamba
3.0.23
sambasamba
3.0.23:a
sambasamba
3.0.23:b
sambasamba
3.0.23:c
sambasamba
3.0.23:d
sambasamba
3.0.23a:a
sambasamba
3.0.23b:b
sambasamba
3.0.23c:c
sambasamba
3.0.23d:d
sambasamba
3.0.24
sambasamba
3.0.25
sambasamba
3.0.25:a
sambasamba
3.0.25:b
sambasamba
3.0.25:c
sambasamba
3.0.25:pre1
sambasamba
3.0.25:pre2
sambasamba
3.0.25:rc1
sambasamba
3.0.25:rc2
sambasamba
3.0.25:rc3
sambasamba
3.0.25a:a
sambasamba
3.0.25b:b
sambasamba
3.0.25c:c
sambasamba
3.0.26
sambasamba
3.0.26:a
sambasamba
3.0.26a:a
sambasamba
3.0.27
sambasamba
3.0.27:a
sambasamba
3.0.28
sambasamba
3.0.28:a
sambasamba
3.0.29
sambasamba
3.0.30
sambasamba
3.0.31
sambasamba
3.0.32
sambasamba
3.0.33
sambasamba
3.0.34
sambasamba
3.0.35
sambasamba
3.0.36
sambasamba
3.0.37
sambasamba
3.1.0
sambasamba
3.2.0
sambasamba
3.2.1
sambasamba
3.2.2
sambasamba
3.2.3
sambasamba
3.2.4
sambasamba
3.2.5
sambasamba
3.2.6
sambasamba
3.2.7
sambasamba
3.2.8
sambasamba
3.2.9
sambasamba
3.2.10
sambasamba
3.2.11
sambasamba
3.2.12
sambasamba
3.2.13
sambasamba
3.2.14
sambasamba
3.2.15
sambasamba
3.3.0
sambasamba
3.3.1
sambasamba
3.3.2
sambasamba
3.3.3
sambasamba
3.3.4
sambasamba
3.3.5
sambasamba
3.3.6
sambasamba
3.3.7
sambasamba
3.3.8
sambasamba
3.3.9
sambasamba
3.3.10
sambasamba
3.3.11
sambasamba
3.3.12
sambasamba
3.3.13
sambasamba
3.3.14
sambasamba
3.3.15
sambasamba
3.3.16
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.4.6
sambasamba
3.4.7
sambasamba
3.4.8
sambasamba
3.4.9
sambasamba
3.4.10
sambasamba
3.4.11
sambasamba
3.4.12
sambasamba
3.4.13
sambasamba
3.4.14
sambasamba
3.5.0
sambasamba
3.5.1
sambasamba
3.5.2
sambasamba
3.5.3
sambasamba
3.5.4
sambasamba
3.5.5
sambasamba
3.5.6
sambasamba
3.5.7
sambasamba
3.5.8
sambasamba
3.5.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cifs-utils
bookworm
2:7.0-2
fixed
bullseye
2:6.11-3.1+deb11u2
fixed
bullseye (security)
2:6.11-3.1+deb11u1
fixed
sid
2:7.0-2.1
fixed
trixie
2:7.0-2.1
fixed
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cifs-utils
dapper
dne
hardy
dne
karmic
dne
lucid
dne
maverick
Fixed 2:4.5-2ubuntu0.10.10.1
released
natty
Fixed 2:4.5-2ubuntu0.11.04.1
released
samba
dapper
ignored
hardy
not-affected
karmic
ignored
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.8
released
maverick
not-affected
natty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
cifs-utils
RHEL 6
0:4.8.1-2.el6_1.2
fixed
libsmbclient
RHEL 6
0:3.5.6-86.el6_1.4
fixed
libsmbclient-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-client
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-common
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-doc
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-domainjoin-gui
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-swat
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-clients
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-krb5-locator
RHEL 6
0:3.5.6-86.el6_1.4
fixed
Common Weakness Enumeration
References
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
http://secunia.com/advisories/45798
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://www.securitytracker.com/id?1025984
https://bugzilla.redhat.com/show_bug.cgi?id=726691
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
http://secunia.com/advisories/45798
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://www.securitytracker.com/id?1025984
https://bugzilla.redhat.com/show_bug.cgi?id=726691