Lucene search
HistoryFeb 04, 2010 - 8:15 p.m.
CVE-2010-0547
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.5%
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
Affected configurations
Node
sambasambaRange≤3.4.5
ORsambasambaMatch1.9.17
ORsambasambaMatch1.9.17p1
ORsambasambaMatch1.9.17p2
ORsambasambaMatch1.9.17p3
ORsambasambaMatch1.9.17p4
ORsambasambaMatch1.9.17p5
ORsambasambaMatch1.9.18
ORsambasambaMatch1.9.18p1
ORsambasambaMatch1.9.18p10
ORsambasambaMatch1.9.18p2
ORsambasambaMatch1.9.18p3
ORsambasambaMatch1.9.18p4
ORsambasambaMatch1.9.18p5
ORsambasambaMatch1.9.18p6
ORsambasambaMatch1.9.18p7
ORsambasambaMatch1.9.18p8
ORsambasambaMatch2.2.0
ORsambasambaMatch2.2.0a
ORsambasambaMatch2.2.1
ORsambasambaMatch2.2.1a
ORsambasambaMatch2.2.2
ORsambasambaMatch2.2.3
ORsambasambaMatch2.2.3a
ORsambasambaMatch2.2.4
ORsambasambaMatch2.2.5
ORsambasambaMatch2.2.6
ORsambasambaMatch2.2.7
ORsambasambaMatch2.2.7a
ORsambasambaMatch2.2.8
ORsambasambaMatch2.2.8a
ORsambasambaMatch2.2.9
ORsambasambaMatch2.2.10
ORsambasambaMatch2.2.11
ORsambasambaMatch2.2.12
ORsambasambaMatch2.2a
ORsambasambaMatch3.0.0
ORsambasambaMatch3.0.1
ORsambasambaMatch3.0.2
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.3
ORsambasambaMatch3.0.4
ORsambasambaMatch3.0.4rc1
ORsambasambaMatch3.0.5
ORsambasambaMatch3.0.6
ORsambasambaMatch3.0.8
ORsambasambaMatch3.0.9
ORsambasambaMatch3.0.10
ORsambasambaMatch3.0.11
ORsambasambaMatch3.0.12
ORsambasambaMatch3.0.13
ORsambasambaMatch3.0.14
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.20
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.21
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.22
ORsambasambaMatch3.0.23
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.24
ORsambasambaMatch3.0.25
ORsambasambaMatch3.0.25pre1
ORsambasambaMatch3.0.25pre2
ORsambasambaMatch3.0.25rc1
ORsambasambaMatch3.0.25rc2
ORsambasambaMatch3.0.25rc3
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.26
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.27
ORsambasambaMatch3.0.27a
ORsambasambaMatch3.0.28
ORsambasambaMatch3.0.28a
ORsambasambaMatch3.0.29
ORsambasambaMatch3.0.30
ORsambasambaMatch3.0.31
ORsambasambaMatch3.0.32
ORsambasambaMatch3.0.33
ORsambasambaMatch3.0.34
ORsambasambaMatch3.0.35
ORsambasambaMatch3.0.36
ORsambasambaMatch3.0.37
ORsambasambaMatch3.2.0
ORsambasambaMatch3.2.1
ORsambasambaMatch3.2.2
ORsambasambaMatch3.2.3
ORsambasambaMatch3.2.4
ORsambasambaMatch3.2.5
ORsambasambaMatch3.2.6
ORsambasambaMatch3.2.7
ORsambasambaMatch3.2.8
ORsambasambaMatch3.2.9
ORsambasambaMatch3.2.10
ORsambasambaMatch3.2.11
ORsambasambaMatch3.2.12
ORsambasambaMatch3.2.13
ORsambasambaMatch3.2.14
ORsambasambaMatch3.2.15
ORsambasambaMatch3.3.0
ORsambasambaMatch3.3.1
ORsambasambaMatch3.3.2
ORsambasambaMatch3.3.3
ORsambasambaMatch3.3.4
ORsambasambaMatch3.3.5
ORsambasambaMatch3.3.6
ORsambasambaMatch3.3.7
ORsambasambaMatch3.3.8
ORsambasambaMatch3.3.9
ORsambasambaMatch3.3.10
ORsambasambaMatch3.4.0
ORsambasambaMatch3.4.1
ORsambasambaMatch3.4.2
ORsambasambaMatch3.4.3
ORsambasambaMatch3.4.4
References
git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054
lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
secunia.com/advisories/39317
security.gentoo.org/glsa/glsa-201206-29.xml
www.mandriva.com/security/advisories?name=MDVSA-2010:090
www.securityfocus.com/bid/38326
www.vupen.com/english/advisories/2010/1062
Related
debiancve
debiancve
CVE-2010-0547
2010-02-04 20:15:24
CVE-2011-2724
2011-09-06 16:55:10
cve
cve
CVE-2010-0547
2010-02-04 20:15:24
CVE-2011-2724
2011-09-06 16:55:10
cvelist
cvelist
CVE-2010-0547
2010-02-04 18:00:00
CVE-2011-2724
2011-09-06 16:00:00
seebug
seebug
Samba 3.4.5 client/mount.cifs.c本地拒绝服务漏洞
2010-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2010-0547
2010-02-04 00:00:00
CVE-2011-2724
2011-09-06 00:00:00
prion
prion
Path traversal
2010-02-04 20:15:00
Path traversal
2011-09-06 16:55:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:51:48
Denial Of Service (DoS)
2020-04-10 01:02:27
nessus
nessus
SuSE 11 Security Update : Samba (SAT Patch Number 2126)
2010-03-23 00:00:00
SuSE 10 Security Update : Samba (ZYPP Patch Number 6921)
2010-10-11 00:00:00
SuSE 10 Security Update : Samba (ZYPP Patch Number 6920)
2010-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: cifs-utils-4.8.1-7.fc14
2011-08-09 01:29:26
[SECURITY] Fedora 16 Update: cifs-utils-5.0-2.fc16
2011-08-22 15:29:48
[SECURITY] Fedora 15 Update: cifs-utils-5.0-2.fc15
2011-08-09 01:35:06
nvd
nvd
CVE-2011-2724
2011-09-06 16:55:10
openvas
openvas
Debian Security Advisory DSA 2004-1 (samba)
2010-03-16 00:00:00
Mandriva Update for openssh MDVA-2010:090 (openssh)
2010-03-12 00:00:00
Fedora Update for cifs-utils FEDORA-2011-10028
2012-03-19 00:00:00
debian
debian
[SECURITY] [DSA 2004-1] New samba packages fix several vulnerabilities
2010-02-28 21:55:00
gentoo
gentoo
mount-cifs: Multiple vulnerabilites
2012-06-25 00:00:00
osv
osv
samba - several vulnerabilities
2010-02-28 00:00:00
centos
centos
samba3x security update
2011-09-01 16:12:20
libsmbclient, samba security update
2011-08-29 21:13:06
redhat
redhat
(RHSA-2011:1220) Moderate: samba3x security update
2011-08-29 00:00:00
(RHSA-2011:1221) Moderate: samba and cifs-utils security and bug fix update
2011-08-29 00:00:00
(RHSA-2011:1219) Moderate: samba security update
2011-08-29 00:00:00
oraclelinux
oraclelinux
samba security update
2011-08-29 00:00:00
samba security, bug fix, and enhancement update
2012-03-01 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.5%
Related for NVD:CVE-2010-0547