Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 383073 (CVE-2011-3363)

Summary: Kernel: cifs/connect.c DoS (CVE-2011-3363)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-09-15 11:26:53 UTC
From secunia security advisor at $URL:

The vulnerability is caused due to an error when mounting CIFS shares with certain DFS referrals, which can be exploited to trigger a "BUG_ON()" in a client by tricking the victim into mounting from a malicious server.

Solution: (patch)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-06-02 14:20:24 UTC
CVE-2011-3363 (
  The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before
  2.6.39 does not properly handle DFS referrals, which allows remote CIFS
  servers to cause a denial of service (system crash) by placing a referral at
  the root of a share.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-04 17:36:11 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.