CVE-2018-1066

Published: 02 March 2018

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

From the Ubuntu security team

It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash).

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.13.0-16.19)


	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by cabfb3680f78981d26c078a26e5c748531257ebb
linux-armadaxp Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


	This package is not directly supported by the Ubuntu Security Team
linux-aws Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1001.1)


linux-aws-hwe Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-azure Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1002.2)


linux-azure-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.18.0-1006.6~18.04.1)


linux-euclid Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-flo Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-gcp Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1001.1)


linux-gcp-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.18.0-1004.5~18.04.1)


linux-gke Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-goldfish Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-grouper Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-hwe Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.18.0-13.14~18.04.1)


linux-hwe-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.18.0-13.14~18.04.1)


linux-kvm Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1002.2)


linux-linaro-omap Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-linaro-shared Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-linaro-vexpress Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-quantal Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


	This package is not directly supported by the Ubuntu Security Team
linux-lts-raring Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-saucy Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


	This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-utopic Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-vivid Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-wily Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-xenial Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-maguro Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-mako Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-manta Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-oem Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1002.3)


linux-oracle Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1007.9)


linux-qcm-msm Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-raspi2 Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.13.0-1005.5)


linux-snapdragon Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable


linux-ti-omap4 Launchpad, Ubuntu, Debian	Upstream	Released (4.11~rc1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›