oss-sec mailing list archives

CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount

From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 14 Sep 2011 16:09:27 +0200

"Currently, we skip doing the is_path_accessible check in cifs_mount if
there is no prefixpath. There is a report of at least one server however
that allows a TREE_CONNECT to a share that has a DFS referral at its
root. UNC that had no prefixpath was used in that case, so the
is_path_accessible check was not triggered and the box later hit
a BUG() because we were chasing a DFS referral on the root dentry for
the mount."

Upstream fix:
70945643722ffeac779d2529a348f99567fa5c33

References:
https://bugzilla.redhat.com/show_bug.cgi?id=682829
https://github.com/mirrors/linux/commit/70945643722ffeac779d2529a348f99567fa5c33

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Petr Matousek (Sep 14)
- Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Josh Bressers (Sep 14)
  - Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount akuster (Sep 23)
    - Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Eugene Teo (Sep 25)