oss-sec mailing list archives
CVE Request: cifs session reuse
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 15 Apr 2011 11:43:57 +0200
Hi, When one user has mounted a cifs share that requires authentication, another user could mount the same share without knowing the correct password. The following kernel commits fix that: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc87a40677bbe0937e2ff0642c7e83c9a4813f3d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2 A way to exploit this would be through mount.cifs if it's installed setuid root. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE Request: cifs session reuse Ludwig Nussel (Apr 15)
- Re: CVE Request: cifs session reuse Josh Bressers (Apr 15)