Re: CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/14/2013 01:07 PM, P J P wrote:
> Hello,
>
> Linux kernel built with the Common Internet File System
> (CONFIG_CIFS) support along with a feature to access Distributed
> File Systems (CONFIG_CIFS_DFS_UPCALL), is vulnerable to a memory
> corruption flaw caused by writing one byte past an allocated memory
> area. It occurs while mounting a DFS share wherein the server
> provides DFS referral names of certain length. The memory
> corruption leads to an unresponsive kernel and subsequent crash
> resulting in Denial of Service.
>
> An user/program able to mount a file system could use this flaw to
> crash the kernel resulting in DoS.
>
> Upstream fix: ------------- ->
> https://git.kernel.org/linus/1fc29bacedeabb278080e31bb9c1ecb49f143c3b
>
>
>
> Thank you.

Please use CVE-2013-4247 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSC/A9AAoJEBYNRVNeJnmTnCYQALZ8C/e+35tYVn25OnW1Ksq9
LdPnLaL6L1DittWkEt7Z4EntM+Qy3r+Djtnl7auJdck//9crUBhYgPks8HXYISHy
uR+71OpZ96tUcMhxYrn1N2KkWrqwZry+woUENFDqJI483itejMnTGpw+lbRAVMjD
zjlWLN7lRouVbz1X34ZcPkWMn8LBDmycc989ufrKBkp0vactxhaRtd+GwcxUu6Lw
CKWPnA1HcOUAG2eqKoqZgJfzyHqcsHj7WnyxYuQklWfTtUVIbTvc0R8tHwfX/hc8
Z2AjeDPkRS2f1oROFfj/Y65dLnmog8TRETHpljrZBXGvyQFbrrTWAbm48HPtinaQ
6fMjo3Hrmb1cIO0AiwFz1K/HOG2acleK1YIdUFqdzRj0oRV4+F6WL99i90PIo82j
B/rYngE8hL4my8k9IEma9aFwebWC+81fYP8UYFJ9w0pA29uzyYN3c2m84DYcxS7y
tUiQLuFnkQnJXSTEMZ90BnknLVA3dZZNYTXk5qXR1dBlZQEzMaQrlnBQzT3Yvene
4G3ZPvAQsMKvfQXsyiXmfb+06d9WJD2Ai+541B3AMQxQwILnGgNxncpcPLNyoqqG
FPC5CiCqjACQ68mMxvb1E/ObwfqDlS/lgwuORcEsaP8ghLdpTvNPrvI7wyg0DCU4
QP5A17rut3fmUoMkqFVa
=SWLN
-----END PGP SIGNATURE-----