PT-2010-1138 · Samba Team+2 · Samba+2
Published 2010-02-04 · Updated 2024-06-15 · CVE-2010-0547
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
mount-cifs versions prior to 3.0.30
Samba versions 3.4.5 and earlier
Description
The issue concerns multiple vulnerabilities in the mount-cifs package and Samba, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, in Samba, the client/mount.cifs.c file does not verify that the device name and mountpoint strings are composed of valid characters, allowing local users to cause a denial of service via a crafted string, resulting in mtab corruption.
Recommendations
For mount-cifs versions prior to 3.0.30, update to version 3.0.30 or later.
For Samba versions 3.4.5 and earlier, update to a version later than 3.4.5.
As a temporary workaround, consider restricting access to the mount.cifs function to minimize the risk of exploitation.
Fix
DoS
RCE
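The missing check named in the description, validating the device name and mountpoint before they are written to mtab, can be sketched as follows. This is an added example, not code from Samba or mount-cifs; the function names, buffer sizes and the `cifs rw 0 0` fields are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if s may be written as an mtab field.
 * Control characters are rejected; a newline would end the record early
 * and let the rest of the string be parsed as a separate mtab entry. */
int mtab_field_is_valid(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Hypothetical helper: copy s into out, octal-escaping the characters that
 * act as mtab field syntax (space -> \040, backslash -> \134). */
int mtab_field_encode(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    if (!mtab_field_is_valid(s))
        return -1;
    for (; *s; s++) {
        if (*s == ' ' || *s == '\\') {
            if (n + 4 >= outlen)
                return -1;
            n += (size_t)snprintf(out + n, outlen - n, "\\%03o", (unsigned)*s);
        } else {
            if (n + 1 >= outlen)
                return -1;
            out[n++] = *s;
        }
    }
    out[n] = '\0';
    return 0;
}

/* Build one mtab line; type and options are constructed sample values. */
int mtab_format_entry(const char *dev, const char *dir, char *line, size_t len)
{
    char d[256], m[256];
    if (mtab_field_encode(dev, d, sizeof d) || mtab_field_encode(dir, m, sizeof m))
        return -1;
    int w = snprintf(line, len, "%s %s cifs rw 0 0\n", d, m);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}
```

A caller would refuse the mount when `mtab_format_entry` returns -1, so nothing is appended to mtab for a rejected string.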
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Samba
Mount-Cifs