CVE-2011-3191

Priority
Medium
Description
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c
in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial
of service (memory corruption) or possibly have unspecified other impact
via a large length value in a response to a read request for a directory.
Ubuntu-Description
Darren Lavender discovered that the CIFS client incorrectly handled certain
large values. A remote attacker with a malicious server could exploit this
to crash the system or possibly execute arbitrary code as the root user.
References
Bugs
Notes
 apw> patch title is as below in CIFS tree, likely SHA1 added below:
 apw> cifs: fix possible memory corruption in CIFSFindNext
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.0.0-11.18)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by c32dfffaf59f73bbcf4472141b851a4dc5db2bf0
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.0.0-1205.10)
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE

Updated: 2015-07-29 20:40:00 UTC (commit 9756)