Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 383073 (CVE-2011-3363) - Kernel: cifs/connect.c DoS (CVE-2011-3363)
Summary: Kernel: cifs/connect.c DoS (CVE-2011-3363)
Status: RESOLVED FIXED
Alias: CVE-2011-3363
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/45936/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-15 11:26 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-09-15 11:26:53 UTC
From secunia security advisor at $URL:

Description:
The vulnerability is caused due to an error when mounting CIFS shares with certain DFS referrals, which can be exploited to trigger a "BUG_ON()" in a client by tricking the victim into mounting from a malicious server.

Solution:
https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 (patch)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-06-02 14:20:24 UTC
CVE-2011-3363 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3363):
  The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before
  2.6.39 does not properly handle DFS referrals, which allows remote CIFS
  servers to cause a denial of service (system crash) by placing a referral at
  the root of a share.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:36:11 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.