CVE-2011-3585: Race Condition in Samba

CWE-362: Race Condition | 8 documents | 8 sources
Severity: 4.7 MEDIUM (NVD)
EPSS: 0.5% (top 32.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: Apr 22

Description

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

Debian: samba/cifs-utils < 2:4.5-1+3
Debian: samba/samba < 2:3.4.7~dfsg-2+3
CVEListV5: samba/samba 3.6
NVD: samba/samba 3.6.0

Also affects: Enterprise Linux 4.0, 5.0, 6.0

🔴 Vulnerability Details (3)

GHSA | GHSA-jf3j-jm33-ff6p: Multiple race conditions in the (1) mount | 2022-04-22
OSV | CVE-2011-3585: Multiple race conditions in the (1) mount | 2019-12-31
CVEList | CVE-2011-3585: Multiple race conditions in the (1) mount | 2019-12-31

📋 Vendor Advisories (3)

Ubuntu | Samba vulnerabilities | 2011-10-04
Debian | CVE-2011-3585: cifs-utils - Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in S... | 2011
Red Hat | Samba mtab lock file race condition | 2010-02-25

💬 Community (1)

Bugzilla | CVE-2011-3585 Samba mtab lock file race condition | 2011-10-03