CVE-2011-3585
Published: 2019-12-31
CVE-2011-3585: Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a…
Priority P4 · 12 · medium · 4.7 (CVSS 3.1)
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.32% (23.4th percentile)
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:4.5-1 (bookworm) | cifs-utils 2:4.5-1 (bookworm) |
| debian | samba | < cifs-utils 2:4.5-1 (bookworm) | cifs-utils 2:4.5-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| samba | cifs-utils | >= 0 < 2:4.5-1 | 2:4.5-1 |
| samba | cifs-utils | >= 0 < 2:4.5-1 | 2:4.5-1 |
| samba | cifs-utils | >= 0 < 2:4.5-1 | 2:4.5-1 |
| samba | cifs-utils | >= 0 < 2:4.5-1 | 2:4.5-1 |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
| samba | samba | >= 0 < 2:3.4.7~dfsg-2 | 2:3.4.7~dfsg-2 |
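CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.7 | MEDIUM | — |
| vendor_debian | — | 4.7 | LOW | — |
| vendor_redhat | — | 4.7 | MEDIUM | — |
| vendor_ubuntu | — | 3.3 | LOW | — |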
GHSA
GHSA-jf3j-jm33-ff6p: Multiple race conditions in the (1) mount
ghsa_unreviewed·2022-04-22
CVE-2011-3585 [LOW] CWE-362 GHSA-jf3j-jm33-ff6p: Multiple race conditions in the (1) mount
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
OSV
CVE-2011-3585: Multiple race conditions in the (1) mount
osv·2019-12-31·CVSS 4.7
CVE-2011-3585 [MEDIUM] CVE-2011-3585: Multiple race conditions in the (1) mount
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2011-10-04·CVSS 3.3
CVE-2011-1678 [LOW] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: An attacker could trick Samba into corrupting the system mtab file.
Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab
file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that Samba incorrectly filtered certain strings
being added to the mtab file. A local attacker could use this issue to
corrupt the mtab file, possibly leading to a denial of service. This issue
only affected Ubuntu 10.04 LTS. (CVE-2011-2724)
Dan Rosenberg discovered that Samba incorrectly handled the mtab lock file.
A local attacker could use this issue to create a stale lock file, possibly
leading to a denial of service. (CVE-2011-3585)
Instructions: In g
Debian
CVE-2011-3585: cifs-utils - Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in S...
vendor_debian·2011·CVSS 4.7
CVE-2011-3585 [MEDIUM] CVE-2011-3585: cifs-utils - Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in S...
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
Scope: local
bookworm: resolved (fixed in 2:4.5-1)
bullseye: resolved (fixed in 2:4.5-1)
forky: resolved (fixed in 2:4.5-1)
sid: resolved (fixed in 2:4.5-1)
trixie: resolved (fixed in 2:4.5-1)
Red Hat
Samba mtab lock file race condition
vendor_redhat·2010-02-25·CVSS 4.7
CVE-2011-3585 [MEDIUM] Samba mtab lock file race condition
Samba mtab lock file race condition
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
Package: samba3x (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No public exploits indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=742907
https://bugzilla.samba.org/show_bug.cgi?id=7179
https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee0294d9b371071cb08268200
https://www.openwall.com/lists/oss-security/2011/09/27/1
https://www.openwall.com/lists/oss-security/2011/09/30/5