vulnerability CVE-2010-0547 Samba: corruption of mtab via mount.cifs
Synthesis of the vulnerability

A local attacker can use the mount.cifs command, in order to inject invalid characters in the /etc/mtab file.

Severity: 1/4. Consequences: data creation/edition. Provenance: user shell. Means of attack: 1 attack. Ability of attacker: technician (2/4). Confidence: confirmed by the editor (5/5). Diffusion of the vulnerable configuration: high (3/3). Creation date: 08/02/2010.

Impacted products

• Debian Linux versions
• Samba versions

Description of the vulnerability

The mount.cifs utility of the Samba suite is used to mount a remote CIFS/SMB share in a local directory. The /etc/mtab file contains the list of mount points. This file is updated each time a new resource is mounted by mount.cifs. However, mount.cifs does not check if the device or mount point name contains a special character (line feed, tabulation, etc.). This invalid character is inserted in the /etc/mtab file, which corrupts it. A local attacker can therefore use the mount.cifs command, in order to inject invalid characters in the /etc/mtab file, which leads to a denial of service.

Characteristics

Title: Samba: corruption of mtab via mount.cifs Identifiers: BID-38326, CVE-2010-0547, DSA 2004-1, VIGILANCE-VUL-9415. Url: https://vigilance.fr/tree/1/9415

Information sources

Publications and announces Source example: mount.cifs: check for invalid characters in device name and mountpoint

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept