CVE-2011-2724
PUBLISHED
CVSS 1.2 LOW
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
EPSS 1.16% · 79.0th percentile
Risk Scores
CVSS 2.0
1.2
EPSS Score
1.16%
79.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| samba | samba | 0, 1.9.17, 1.9.17 |
Exploit Intelligence
- http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91 (circl)
- RHSA-2011:1220 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=726691 (circl)
- 45798 (circl)
- 1025984 (circl)
- [oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue (circl)
- MDVSA-2011:148 (circl)
- http://comments.gmane.org/gmane.linux.kernel.cifs/3827 (circl)
- RHSA-2011:1221 (circl)
Timeline
- Sep 6, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91 url
- RHSA-2011:1220 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=726691 url
- 45798 third-party-advisory
- 1025984 vdb
- [oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue mailing-list
- MDVSA-2011:148 vendor-advisory
- http://comments.gmane.org/gmane.linux.kernel.cifs/3827 url
- RHSA-2011:1221 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-2724 advisory
- http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91 url