CVE-2012-1090
Priority
Low
Description
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10
allows local users to cause a denial of service (OOPS) via attempted access
to a special file, as demonstrated by a FIFO.
"The cifs code will attempt to open files on lookup under certain
circumstances. What happens though if we find that the file we opened
was actually a FIFO or other special file? Currently, the open
filehandle just ends up being leaked leading to a dentry refcount
mismatch and oops on umount."
allows local users to cause a denial of service (OOPS) via attempted access
to a special file, as demonstrated by a FIFO.
"The cifs code will attempt to open files on lookup under certain
circumstances. What happens though if we find that the file we opened
was actually a FIFO or other special file? Currently, the open
filehandle just ends up being leaked leading to a dentry refcount
mismatch and oops on umount."
Ubuntu-Description
A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service.
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1090
http://thread.gmane.org/gmane.linux.kernel.cifs/5526
http://www.openwall.com/lists/oss-security/2012/02/28/3
http://www.ubuntu.com/usn/usn-1405-1
http://www.ubuntu.com/usn/usn-1425-1
http://www.ubuntu.com/usn/usn-1426-1
http://www.ubuntu.com/usn/usn-1431-1
http://www.ubuntu.com/usn/usn-1433-1
http://www.ubuntu.com/usn/usn-1432-1
http://www.ubuntu.com/usn/usn-1440-1
http://www.ubuntu.com/usn/usn-1446-1
http://www.ubuntu.com/usn/usn-1458-1
http://thread.gmane.org/gmane.linux.kernel.cifs/5526
http://www.openwall.com/lists/oss-security/2012/02/28/3
http://www.ubuntu.com/usn/usn-1405-1
http://www.ubuntu.com/usn/usn-1425-1
http://www.ubuntu.com/usn/usn-1426-1
http://www.ubuntu.com/usn/usn-1431-1
http://www.ubuntu.com/usn/usn-1433-1
http://www.ubuntu.com/usn/usn-1432-1
http://www.ubuntu.com/usn/usn-1440-1
http://www.ubuntu.com/usn/usn-1446-1
http://www.ubuntu.com/usn/usn-1458-1
Notes
apw> currently sitting in the master branch of the tree below, waiting
apw> on merge with linus:
apw> git://git.samba.org/sfrench/cifs-2.6
apw> see:
apw> cifs: fix dentry refcount leak when opening a FIFO on lookup
apw> now upstream (see below)
apw> on merge with linus:
apw> git://git.samba.org/sfrench/cifs-2.6
apw> see:
apw> cifs: fix dentry refcount leak when opening a FIFO on lookup
apw> now upstream (see below)
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.2.0-1601.4) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.2.0-1601.4) |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-345.47) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.0.0-18.31~lucid1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.38-15.59~lucid1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Patches:
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-41.88) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.2.0-19.30) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.2.0-19.30) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (3.2.0-19.30) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (3.2.0-19.30) |
Patches:
| Introduced by 8db14ca12569fe885694bd3d5ff84c2d973d3cb0 | Fixed by 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.2.0-1410.13) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.2.0-1410.13) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (3.2.0-1410.13) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (3.2.0-1410.13) |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (3.3~rc7) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |