CVE-2011-3363

Published: 03 October 2011

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

From the Ubuntu security team

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
Patches:
Introduced by e4cce94c9c8797b08faf6a79396df4d175e377fa
Fixed by 70945643722ffeac779d2529a348f99567fa5c33
Introduced by e4cce94c9c8797b08faf6a79396df4d175e377fa
Fixed by 221d1d797202984cb874e3ed9f1388593d34ee22
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39)

Notes

AuthorNote
mdeslaur 
from oss-security: "If you have this, you might also want
cifs: add fallback in is_path_accessible for old servers
221d1d797202984cb874e3ed9f1388593d34ee22"

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading