CVE-2011-2724 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-2724 PUBLISHED CVSS 1.2000000476837158 LOW

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

EPSS 1.12% · 78.1th percentile

Risk Scores

CVSS v2.0

1.2000000476837158

EPSS Score

1.12%

78.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
samba	samba	0, 1.9.17, 1.9.17

Timeline

Sep 6, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91 url
RHSA-2011:1220 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=726691 url
45798 third-party-advisory
1025984 vdb
[oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue mailing-list
MDVSA-2011:148 vendor-advisory
http://comments.gmane.org/gmane.linux.kernel.cifs/3827 url
RHSA-2011:1221 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-2724 advisory
http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91 url

Open in Interactive Console →