CVE-2011-2724

Name of the Vulnerable Software and Affected Versions Samba versions prior to 3.5.15 Samba version 3.5.6 Samba version 3.5.10 and earlier cifs-utils version 4.8.1

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The check mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba does not properly verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

Recommendations For Samba versions prior to 3.5.15, update to version 3.5.15 or later. For Samba version 3.5.6, update to a newer version. For Samba version 3.5.10 and earlier, update to a version later than 3.5.10. For cifs-utils version 4.8.1, update to a newer version. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.