CVE-2011-3363
Publication date 3 October 2011
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
From the Ubuntu Security Team
Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
linux-ec2 | ||
linux-fsl-imx51 | ||
linux-lts-backport-maverick | ||
linux-lts-backport-natty | ||
linux-lts-backport-oneiric | ||
linux-mvl-dove | ||
linux-ti-omap4 | ||
Notes
mdeslaur
from oss-security: "If you have this, you might also want cifs: add fallback in is_path_accessible for old servers 221d1d797202984cb874e3ed9f1388593d34ee22"
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 · Medium |
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-1241-1
- Linux kernel (i.MX51) vulnerabilities
- 25 October 2011
- USN-1243-1
- Linux kernel vulnerabilities
- 25 October 2011
- USN-1281-1
- Linux (OMAP4) vulnerabilities
- 24 November 2011
- USN-1244-1
- Linux kernel (OMAP4) vulnerabilities
- 25 October 2011
- USN-1168-1
- Linux kernel vulnerabilities
- 15 July 2011
- USN-1162-1
- Linux kernel vulnerabilities (Marvell Dove)
- 29 June 2011
- USN-1167-1
- Linux kernel vulnerabilities
- 13 July 2011
- USN-1256-1
- Linux kernel (Natty backport) vulnerabilities
- 9 November 2011
- USN-1242-1
- Linux kernel (Maverick backport) vulnerabilities
- 25 October 2011
- USN-1161-1
- Linux kernel vulnerabilities (EC2)
- 13 July 2011
- USN-1159-1
- Linux kernel vulnerabilities (Marvell Dove)
- 13 July 2011