CVE-2011-1678 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation10 documents8 sources

Severity

3.3LOWNVD

EPSS

0.7%

top 28.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Cifs-utils Samba

Timeline

PublishedApr 10

Latest updateMay 17

Description

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

CVSS vector

AV:L/AC:M/C:P/I:P/A:NExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

▶Debiansamba/cifs-utils< 2:5.1-1+3

▶Debiansamba/samba< 2:3.4.7~dfsg-2+3

▶NVDsamba/samba3.5.8

🔴Vulnerability Details

GHSA

GHSA-v7g7-rpcw-4f58: smbfs in Samba 3↗2022-05-17

▶

CVEList

CVE-2011-1678: smbfs in Samba 3↗2011-04-10

▶

OSV

CVE-2011-1678: smbfs in Samba 3↗2011-04-10

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2011-10-04

▶

Ubuntu

cifs-utils vulnerabilities↗2011-10-04

▶

Red Hat

samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE↗2011-03-03

▶

Debian

CVE-2011-1678: cifs-utils - smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the...↗2011

▶

💬Community

Bugzilla

CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE [fedora-all]↗2011-04-12

▶

Bugzilla

CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE↗2011-04-12

▶