Input validation error in Samba - CVE-2011-2724
Published: September 6, 2011 / Updated: August 3, 2020
Vulnerability identifier: #VU33334
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-2724
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Samba
Affected software:
Samba
Samba
Detailed vulnerability description
The vulnerability allows local users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (mtab corruption) via a crafted string.
How to mitigate CVE-2011-2724
Update to version 3.5.11.
Sources
- http://comments.gmane.org/gmane.linux.kernel.cifs/3827
- http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
- http://openwall.com/lists/oss-security/2011/07/29/9
- http://secunia.com/advisories/45798
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
- http://www.redhat.com/support/errata/RHSA-2011-1220.html
- http://www.redhat.com/support/errata/RHSA-2011-1221.html
- http://www.securitytracker.com/id?1025984
- https://bugzilla.redhat.com/show_bug.cgi?id=726691