Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2724

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2011-2724
Last Modified 25 Oct 2011 11:00:11
Published 06 Sep 2011 12:55:10
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2011-2724

Summary

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

Vulnerable Systems

Application

  • Samba 1.9.17

  • Samba 1.9.18

  • Samba 2.0

  • Samba 2.0.0

  • Samba 2.0.1

  • Samba 2.0.10

  • Samba 2.0.2

  • Samba 2.0.3

  • Samba 2.0.4

  • Samba 2.0.5

  • Samba 2.0.5a

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.18.3

  • Samba 2.2

  • Samba 2.2.0

  • Samba 2.2.0a

  • Samba 2.2.1

  • Samba 2.2.10

  • Samba 2.2.11

  • Samba 2.2.12

  • Samba 2.2.1a

  • Samba 2.2.2

  • Samba 2.2.3

  • Samba 2.2.3a

  • Samba 2.2.4

  • Samba 2.2.5

  • Samba 2.2.6

  • Samba 2.2.7

  • Samba 2.2.7a

  • Samba 2.2.8

  • Samba 2.2.8a

  • Samba 2.2.9

  • Samba 2.2a

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.13

  • Samba 3.3.14

  • Samba 3.3.15

  • Samba 3.3.16

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.10

  • Samba 3.4.11

  • Samba 3.4.12

  • Samba 3.4.13

  • Samba 3.4.14

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.4.8

  • Samba 3.4.9

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.10

  • Samba 3.5.2

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=726691

MLIST - [oss-security] 20110729 CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue

CONFIRM - http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91

CONFIRM - http://comments.gmane.org/gmane.linux.kernel.cifs/3827

SECTRACK - 1025984

REDHAT - RHSA-2011:1221

REDHAT - RHSA-2011:1220

MANDRIVA - MDVSA-2011:148

SECUNIA - 45798


Last Updated: 27 May 2016 10:57:05