CVE-2010-0547

medium

Description

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

References

http://www.vupen.com/english/advisories/2010/1062

http://www.securityfocus.com/bid/38326

http://www.mandriva.com/security/advisories?name=MDVSA-2010:090

http://security.gentoo.org/glsa/glsa-201206-29.xml

http://secunia.com/advisories/39317

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054

Details

Source: Mitre, NVD

Published: 2010-02-04

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium