CVE-2011-2724
Published 2011-09-06
Priority: P46 (low) · CVSS 2.0 score 1.2
Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P
EPSS: 0.43% (34.5th percentile)
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
Affected
159 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:5.1-1 (bookworm) | cifs-utils 2:5.1-1 (bookworm) |
| debian | samba | < cifs-utils 2:5.1-1 (bookworm) | cifs-utils 2:5.1-1 (bookworm) |
| samba | cifs-utils | >= 0 < 2:5.1-1 | 2:5.1-1 |
| samba | samba | <= 3.5.10 | — |
CVSS provenance
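| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 1.2 | LOW | AV:L/AC:H/Au:N/C:N/I:N/A:P |
| osv | — | 2.1 | LOW | — |
| vendor_ubuntu | — | 3.3 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |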
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2011-10-04·CVSS 3.3
CVE-2011-1678 [LOW] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: An attacker could trick Samba into corrupting the system mtab file.
Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab
file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that Samba incorrectly filtered certain strings
being added to the mtab file. A local attacker could use this issue to
corrupt the mtab file, possibly leading to a denial of service. This issue
only affected Ubuntu 10.04 LTS. (CVE-2011-2724)
Dan Rosenberg discovered that Samba incorrectly handled the mtab lock file.
A local attacker could use this issue to create a stale lock file, possibly
leading to a denial of service. (CVE-2011-3585)
Instructions: In g
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2011-10-04·CVSS 3.3
CVE-2011-1678 [LOW] cifs-utils vulnerabilities
Title: cifs-utils vulnerabilities
Summary: An attacker could trick cifs-utils into corrupting the system mtab file.
Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the
mtab file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain
strings being added to the mtab file. A local attacker could use this issue
to corrupt the mtab file, possibly leading to a denial of service.
(CVE-2011-2724)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
vendor_redhat·2011-07-29·CVSS 2.1
CVE-2011-2724 [LOW] cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
Package: samba (Red Hat Enterprise Linux 4) - Affected
Package: samba (Red Hat Enterprise Linux 5) - Affected
Debian
CVE-2011-2724: cifs-utils - The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3...
vendor_debian·2011·CVSS 2.1
CVE-2011-2724 [LOW] CVE-2011-2724: cifs-utils - The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3...
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
Scope: local
bookworm: resolved (fixed in 2:5.1-1)
bullseye: resolved (fixed in 2:5.1-1)
forky: resolved (fixed in 2:5.1-1)
sid: resolved (fixed in 2:5.1-1)
trixie: resolved (fixed in 2:5.1-1)
GHSA
GHSA-rv4g-gfv5-499c: The check_mtab function in client/mount
ghsa_unreviewed·2022-05-14·CVSS 2.1
CVE-2011-2724 [LOW] CWE-20 GHSA-rv4g-gfv5-499c: The check_mtab function in client/mount
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
OSV
CVE-2011-2724: The check_mtab function in client/mount
osv·2011-09-06·CVSS 2.1
CVE-2011-2724 [LOW] CVE-2011-2724: The check_mtab function in client/mount
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
bugzilla·2011-07-29·CVSS 7.2
CVE-2011-2724 [HIGH] CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
Originally the CVE-2010-0547 identifier has been assigned by Common Vulnerabilities and Exposures to the following security issue:
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
Later a bug was found in the upstream patch for this issue. More specifically:
check_mtab() calls check_newline() to check device and directory name. check_newline() returns EX_USAGE (1) when error is detected, while check_mtab() expects -1 to indicate an error.
This bug in original CVE-2010-0547 fix (not to propagate th
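The return-value mismatch described in the bug report above, as an added example (a simplified model, not the mount.cifs source). Only the names check_mtab and check_newline and the EX_USAGE value of 1 come from the page; the function bodies, the `_mismatched`/`_corrected` suffixes and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value the page gives for check_newline()'s error return. */
#define EX_USAGE 1

/* Simplified model of the validator: flag any string containing a newline. */
static int check_newline(const char *name)
{
    return strchr(name, '\n') != NULL ? EX_USAGE : 0;
}

/* Caller as the bug report describes it: it tests for -1, but the
 * validator signals failure with EX_USAGE (1), so the error is never
 * seen and every string is accepted. */
int check_mtab_mismatched(const char *devname, const char *dir)
{
    if (check_newline(devname) == -1 || check_newline(dir) == -1)
        return EX_USAGE;
    return 0;
}

/* One way to correct the caller (an assumption, not quoted from the
 * upstream patch): treat any nonzero result as a failure, so the check
 * no longer depends on which error code the validator picks. */
int check_mtab_corrected(const char *devname, const char *dir)
{
    if (check_newline(devname) != 0 || check_newline(dir) != 0)
        return EX_USAGE;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any advisory. */
    const char *dirs[] = { "/mnt/share", "/mnt/share\nextra line" };

    for (size_t i = 0; i < 2; i++)
        printf("case %zu: mismatched=%d corrected=%d\n", i,
               check_mtab_mismatched("//server/share", dirs[i]),
               check_mtab_corrected("//server/share", dirs[i]));
    return 0;
}
```

When auditing similar code, compare each validator's documented error value against the comparison at every call site; a `== -1` test against a function that returns a positive exit code always passes.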
Bugzilla
CVE-2011-2724 samba, cifs-utils (mount.cifs): check_newline returns EX_USAGE on error, not -1 (incomplete fix for CVE-2010-0547) [fedora-all]
bugzilla·2011-07-29·CVSS 2.1
CVE-2011-2724 [LOW] CVE-2011-2724 samba, cifs-utils (mount.cifs): check_newline returns EX_USAGE on error, not -1 (incomplete fix for CVE-2010-0547) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?t
Bugzilla
CVE-2010-0547 samba: mount.cifs improper device name and mountpoint strings sanitization
bugzilla·2010-02-05·CVSS 2.1
CVE-2010-0547 [LOW] CVE-2010-0547 samba: mount.cifs improper device name and mountpoint strings sanitization
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0547 to
the following vulnerability:
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
does not verify that the (1) device name and (2) mountpoint strings
are composed of valid characters, which allows local users to cause a
denial of service (mtab corruption) via a crafted string.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
Upstream patch:
http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054
Issue severity note:
For a local, unprivileged user to be able to exploit this
flaw (to corrupt system's /etc/mtab file), the relevant
mount.cifs utility, prese
References
http://comments.gmane.org/gmane.linux.kernel.cifs/3827
http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91
http://openwall.com/lists/oss-security/2011/07/29/9
http://secunia.com/advisories/45798
http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
http://www.redhat.com/support/errata/RHSA-2011-1220.html
http://www.redhat.com/support/errata/RHSA-2011-1221.html
http://www.securitytracker.com/id?1025984
https://bugzilla.redhat.com/show_bug.cgi?id=726691