CVE-2010-0547Improper Input Validation in Cifs-utils

CWE-20Improper Input Validation22 documents6 sources
Severity
2.1LOWNVD
NVD1.2
EPSS
1.5%
top 18.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Samba Cifs-utilsSambaDebian Cifs-utils+1 more
Timeline
PublishedFeb 4
Latest updateMay 14

Description

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

Debiansamba/cifs-utils< 2:5.1-1+3
debiandebian/cifs-utils< cifs-utils 2:5.1-1 (bookworm)
debiandebian/samba< cifs-utils 2:5.1-1 (bookworm)+1
Debiansamba/samba< 2:3.4.7~dfsg-2+7
NVDsamba/samba3.5.10+151

🔴Vulnerability Details

4
GHSA
GHSA-rv4g-gfv5-499c: The check_mtab function in client/mount2022-05-14
GHSA
GHSA-xppx-r8rj-fw45: client/mount2022-05-02
OSV
CVE-2011-2724: The check_mtab function in client/mount2011-09-06
OSV
CVE-2010-0547: client/mount2010-02-04

📋Vendor Advisories

4
Red Hat
cifs-utils: mount.cifs incorrect fix for CVE-2010-05472011-07-29
Debian
CVE-2011-2724: cifs-utils - The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3...2011
Red Hat
samba: mount.cifs improper device name and mountpoint strings sanitization2010-01-26
Debian
CVE-2010-0547: samba - client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not v...2010

💬Community

11
Bugzilla
CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-05472011-07-29
Bugzilla
CVE-2011-2724 samba, cifs-utils (mount.cifs): check_newline returns EX_USAGE on error, not -1 (incomplete fix for CVE-2010-0547) [fedora-all]2011-07-29
Bugzilla
CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages2010-07-16
Bugzilla
CVE-2010-1208 Mozilla DOM attribute cloning remote code execution vulnerability2010-07-16
Bugzilla
CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function2010-07-16