oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: cifs session reuse

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 15 Apr 2011 11:43:57 +0200
Hi,

When one user has mounted a cifs share that requires authentication,
another user could mount the same share without knowing the
correct password. The following kernel commits fix that:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc87a40677bbe0937e2ff0642c7e83c9a4813f3d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=24e6cf92fde1f140d8eb0bf7cd24c2c78149b6b2

A way to exploit this would be through mount.cifs if it's
installed setuid root.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Previous By Date Next
Previous By Thread Next

Current thread: