CVE-2010-0547

low

Description

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

References

http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/39317

http://security.gentoo.org/glsa/glsa-201206-29.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2010:090

http://www.vupen.com/english/advisories/2010/1062

Details

Source: Mitre, NVD

Published: 2010-02-04

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low