CVE-2011-2724

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
sambasamba
𝑥
≤ 3.5.10
sambasamba
1.9.17
sambasamba
1.9.17:p1
sambasamba
1.9.17:p2
sambasamba
1.9.17:p3
sambasamba
1.9.17:p4
sambasamba
1.9.17:p5
sambasamba
1.9.18
sambasamba
1.9.18:p1
sambasamba
1.9.18:p10
sambasamba
1.9.18:p2
sambasamba
1.9.18:p3
sambasamba
1.9.18:p4
sambasamba
1.9.18:p5
sambasamba
1.9.18:p6
sambasamba
1.9.18:p7
sambasamba
1.9.18:p8
sambasamba
2.0
sambasamba
2.0.0
sambasamba
2.0.1
sambasamba
2.0.2
sambasamba
2.0.3
sambasamba
2.0.4
sambasamba
2.0.5
sambasamba
2.0.5:a
sambasamba
2.0.5a:a
sambasamba
2.0.6
sambasamba
2.0.7
sambasamba
2.0.8
sambasamba
2.0.9
sambasamba
2.0.10
sambasamba
2.2:a
sambasamba
2.2.0
sambasamba
2.2.0:a
sambasamba
2.2.0a:a
sambasamba
2.2.1
sambasamba
2.2.1:a
sambasamba
2.2.1a:a
sambasamba
2.2.2
sambasamba
2.2.3
sambasamba
2.2.3:a
sambasamba
2.2.3a:a
sambasamba
2.2.4
sambasamba
2.2.5
sambasamba
2.2.6
sambasamba
2.2.7
sambasamba
2.2.7:a
sambasamba
2.2.7a:a
sambasamba
2.2.8
sambasamba
2.2.8:a
sambasamba
2.2.8a:a
sambasamba
2.2.9
sambasamba
2.2.10
sambasamba
2.2.11
sambasamba
2.2.12
sambasamba
2.2a:a
sambasamba
2.18.3
sambasamba
3.0.0
sambasamba
3.0.1
sambasamba
3.0.2
sambasamba
3.0.2:a
sambasamba
3.0.2a:a
sambasamba
3.0.3
sambasamba
3.0.4
sambasamba
3.0.4:rc1
sambasamba
3.0.5
sambasamba
3.0.6
sambasamba
3.0.7
sambasamba
3.0.8
sambasamba
3.0.9
sambasamba
3.0.10
sambasamba
3.0.11
sambasamba
3.0.12
sambasamba
3.0.13
sambasamba
3.0.14
sambasamba
3.0.14:a
sambasamba
3.0.14a:a
sambasamba
3.0.15
sambasamba
3.0.16
sambasamba
3.0.17
sambasamba
3.0.18
sambasamba
3.0.19
sambasamba
3.0.20
sambasamba
3.0.20:a
sambasamba
3.0.20:b
sambasamba
3.0.20a:a
sambasamba
3.0.20b:b
sambasamba
3.0.21
sambasamba
3.0.21:a
sambasamba
3.0.21:b
sambasamba
3.0.21:c
sambasamba
3.0.21a:a
sambasamba
3.0.21b:b
sambasamba
3.0.21c:c
sambasamba
3.0.22
sambasamba
3.0.23
sambasamba
3.0.23:a
sambasamba
3.0.23:b
sambasamba
3.0.23:c
sambasamba
3.0.23:d
sambasamba
3.0.23a:a
sambasamba
3.0.23b:b
sambasamba
3.0.23c:c
sambasamba
3.0.23d:d
sambasamba
3.0.24
sambasamba
3.0.25
sambasamba
3.0.25:a
sambasamba
3.0.25:b
sambasamba
3.0.25:c
sambasamba
3.0.25:pre1
sambasamba
3.0.25:pre2
sambasamba
3.0.25:rc1
sambasamba
3.0.25:rc2
sambasamba
3.0.25:rc3
sambasamba
3.0.25a:a
sambasamba
3.0.25b:b
sambasamba
3.0.25c:c
sambasamba
3.0.26
sambasamba
3.0.26:a
sambasamba
3.0.26a:a
sambasamba
3.0.27
sambasamba
3.0.27:a
sambasamba
3.0.28
sambasamba
3.0.28:a
sambasamba
3.0.29
sambasamba
3.0.30
sambasamba
3.0.31
sambasamba
3.0.32
sambasamba
3.0.33
sambasamba
3.0.34
sambasamba
3.0.35
sambasamba
3.0.36
sambasamba
3.0.37
sambasamba
3.1.0
sambasamba
3.2.0
sambasamba
3.2.1
sambasamba
3.2.2
sambasamba
3.2.3
sambasamba
3.2.4
sambasamba
3.2.5
sambasamba
3.2.6
sambasamba
3.2.7
sambasamba
3.2.8
sambasamba
3.2.9
sambasamba
3.2.10
sambasamba
3.2.11
sambasamba
3.2.12
sambasamba
3.2.13
sambasamba
3.2.14
sambasamba
3.2.15
sambasamba
3.3.0
sambasamba
3.3.1
sambasamba
3.3.2
sambasamba
3.3.3
sambasamba
3.3.4
sambasamba
3.3.5
sambasamba
3.3.6
sambasamba
3.3.7
sambasamba
3.3.8
sambasamba
3.3.9
sambasamba
3.3.10
sambasamba
3.3.11
sambasamba
3.3.12
sambasamba
3.3.13
sambasamba
3.3.14
sambasamba
3.3.15
sambasamba
3.3.16
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.4.6
sambasamba
3.4.7
sambasamba
3.4.8
sambasamba
3.4.9
sambasamba
3.4.10
sambasamba
3.4.11
sambasamba
3.4.12
sambasamba
3.4.13
sambasamba
3.4.14
sambasamba
3.5.0
sambasamba
3.5.1
sambasamba
3.5.2
sambasamba
3.5.3
sambasamba
3.5.4
sambasamba
3.5.5
sambasamba
3.5.6
sambasamba
3.5.7
sambasamba
3.5.8
sambasamba
3.5.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cifs-utils
bullseye
2:6.11-3.1+deb11u2
fixed
bullseye (security)
2:6.11-3.1+deb11u1
fixed
bookworm
2:7.0-2
fixed
sid
2:7.0-2.1
fixed
trixie
2:7.0-2.1
fixed
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cifs-utils
natty
Fixed 2:4.5-2ubuntu0.11.04.1
released
maverick
Fixed 2:4.5-2ubuntu0.10.10.1
released
lucid
dne
karmic
dne
hardy
dne
dapper
dne
samba
natty
not-affected
maverick
not-affected
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.8
released
karmic
ignored
hardy
not-affected
dapper
ignored
Common Weakness Enumeration
References
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
http://secunia.com/advisories/45798
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://www.securitytracker.com/id?1025984
https://bugzilla.redhat.com/show_bug.cgi?id=726691
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
http://secunia.com/advisories/45798
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://www.securitytracker.com/id?1025984
https://bugzilla.redhat.com/show_bug.cgi?id=726691